[dcc2] Question about the necessity of multi file sends
Theo Julienne
admin at ozweb.nu
Mon May 10 02:17:05 EDT 2004
Tom McAlee wrote:
>Even if the client itself unpacked a .zip file and decided which ones to
>throw out... well, you've still managed to pass them along and there's no
>telling what might happen to the files while they exist in a temporary
>directory on the receiving client's machine.
>
Which just reminded me, after these recent exploits popping around with
some archive/other programs opening up archives that have been
maliciously formed and causing remote command execution, do we want to
force zip programs on people who want to send a few files? What if a
user extracts it with a tool not knowing about an exploit for that tool?
What if the zip was generated by an IRC-based worm? :\
Certainly, the issue about zip files needing to be transfered completely
before being able to see which files are in the archive in itself makes
relying on zip a bad idea. Clients/users *should* be able to reject a
single file, and not all of them.
---
Kind regards,
Theo Julienne
Bersirc 2.x developer
More information about the dcc2
mailing list