A newly disclosed security vulnerability in the popular 7-Zip file compression software has raised significant concerns in the cybersecurity community.
  • andyburke@fedia.io
    15·
    1 month ago

    How is a 7-zip user process able to write to system files, even if it is a symlink?

    Either the security issue is outside 7-zip or this writeup doesn’t make much sense.

    • Elvith Ma'for@feddit.orgEnglish
      17·
      1 month ago

      If you click through to the original advisory it becomes clear, why this is rated quite low: because of what you said. Quote:

      An attacker may leverage this arbitrary file write to achieve unauthorized access/code execution, such as by overwriting a user’s SSH keys or .bashrc file

      You can write to whatever the user has access, but that’s usually your home. To wreak havoc you need to either be lucky, or use some somewhat known files and paths that you can reasonably expect to exist - such as ~/.ssh/config or ~/.ssh/known_hosts or maybe a private ssh key. Otherwise you could add an alias to the shell profile for a command that you expect the user to run (e.g. alias ls to rm -rf ~). You could get quite creative with the last one (e.g. alias apt, dnf, zypper, etc. to any executable you want to run with sudo).

      Edit: Why the fuck does Lemmy change a tilde to whatever attempt at turning it into an html tag that is?!

        • Elvith Ma'for@feddit.orgEnglish
          4·
          1 month ago

          Found the problem, it’s just the app Jerboa that somehow renders it strangely. Lemmy itself seems to behave fine

          ~/.ssh/config or ~/.ssh/known_hosts

          as

          <sub>/.ssh/config or </sub>/.ssh/known_hosts