[diffoscope] 03/03: comparators.squashfs: Extract archive in one go rather than per-file, speeding up ISO comparison by ~10x
Chris Lamb
lamby at debian.org
Mon Mar 20 16:31:13 CET 2017
Hi Ximin,
> > commit 52b70b269e4faa31dba92799f57cc135dcb60832
> > Author: Chris Lamb <lamby at debian.org>
> >
> > comparators.squashfs: Extract archive in one go rather
> > than per-file, speeding up ISO comparison by ~10x
>
> Hi Chris, do you know if it is possible for squashfs images to
> contain tricky paths like /evil/path or ../../../../evil/path
I've never *seen* such a thing but if this were the case we would be
vulnerable regardless of whether we extracted per file or per archive;
the exploit — if it exists — would be in unsquashfs.
Hope that helps.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby at debian.org / chris-lamb.co.uk
`-
More information about the diffoscope
mailing list