unzip -l install.zip # Use the -l option to unzip to see if it's going to unzip a bunch of files into the current dir, because that would suck.
Replying to @smitty_one_each @climagic
Unzipping a bunch of files into /tmp is a classic /tmp vuln.
1 reply 0 retweets 1 like -
Replying to @RichFelker @climagic
Well, if there are any uncertainties about the zip, wouldn't some sort of container or VM make sense?
1 reply 0 retweets 0 likes -
Replying to @smitty_one_each @climagic
Maybe, but even one that's not intentionally malicious can clash with random names or concurrent intentional use of same names.
1 reply 0 retweets 1 like
The namespace in /tmp is shared and thus the only reasonable and safe ops in it are atomic ones like mkdir or O_CREAT|O_EXCL.
8:05 AM - 6 Jun 2018
0 replies
0 retweets
1 like
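The create-or-fail operations named in the last tweet, shown as an added C example that is not part of the thread. The function names `claim_private_dir` and `create_exclusive` and the `extract-PID-N` naming scheme are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Claim a fresh, private directory under `base` (e.g. "/tmp").
 * mkdir(2) either creates the directory or fails with EEXIST; it never
 * reuses or follows something another user already placed at that name.
 * The "extract-PID-N" naming is an assumption made for this example. */
int claim_private_dir(const char *base, char *out, size_t outlen)
{
    for (unsigned attempt = 0; attempt < 1000; attempt++) {
        int n = snprintf(out, outlen, "%s/extract-%ld-%u",
                         base, (long)getpid(), attempt);
        if (n < 0 || (size_t)n >= outlen)
            return -1;                 /* path would be truncated */
        if (mkdir(out, 0700) == 0)
            return 0;                  /* we created it, so we own it */
        if (errno != EEXIST)
            return -1;                 /* real error: do not retry */
        /* EEXIST: name already taken (file, dir or symlink); try next */
    }
    return -1;
}

/* Create a new file only if nothing exists at `path`.
 * With O_CREAT|O_EXCL the open fails with EEXIST when the name is taken,
 * including when it is a symlink, so a pre-planted link is never followed. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
    char dir[256];
    if (claim_private_dir("/tmp", dir, sizeof dir) != 0) {
        perror("claim_private_dir");
        return 1;
    }
    printf("extract into: %s\n", dir);  /* e.g. the target of unzip -d */
    return rmdir(dir) == 0 ? 0 : 1;
}
```

On the command line, `mktemp -d` performs the same create-or-fail step and prints the directory it created.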