Zip Files All the Way Down (2010) (swtch.com)
92 points by mmastrac on May 11, 2017 | 10 comments

That approach has been used for some exploits. You can create an LZ encoding which inefficiently encodes using a small set of characters, such as ASCII letters only. This will get through some mail filters that are trying to stop binary files by looking at byte value statistics.

Another interesting problem slightly more interesting than a quine is writing an auto-cannibal machine (this was a homework assignment in my semester of 15-251 at CMU):

Write a function `ACM : (String -> a) -> a` aka a function that takes a string consumer as input (such as flip_upper_and_lower_cases: String -> String, or word-count String -> Int) and outputs the result of applying this transform to its own source code.

For example if the contents of the ACM file were: `ACM(f) = print f("foo")` (note that this is clearly not a correct answer in any language)

`ACM(flip_upper_and_lower_cases)` invoked from another file should yield: 'acm(F) = PRINT F("FOO")'

(please don't post a solution publicly just in case they're still using this as homework)

Related discussion and links https://news.ycombinator.com/item?id=10158529

In case anyone else is interested this is (probably) the image the "set theory books all the way down" should link to: http://also.kottke.org/misc/images/naive-set-theory-cover.jp...

By default the Python binary will try to load a file called "python27.zip" at startup. What if python27.zip was a "zip bomb"?

Nothing for me:

    stat("/usr/lib/python27.zip", {st_mode=S_IFREG|0644, st_size=440, ...}) = 0
    open("/usr/lib/python27.zip", O_RDONLY) = 3

Makes sense; the way runtimes use archives as pseudo-loop-mounted-filesystems only requires one level of dereference. A zip file inside that zip file would just be left alone.

A bit different from a "smart" archive tool, or a virus-scanner, which tend to want to recursively unpack things until they run out of archives.

Though back when I worked ISP operations our AV setup was quite nicely screwed over by a simple zip-that-unpacks-a-giant-file - since when it reached 2Gb the AV process would crash without cleaning up and eventually we ran out of unpacking space and couldn't process anything else either (but until then kept processing at about 75% normal speed because the bomb went back into queue for a bit after that).

Duct taped it by doing roughly 'rm /tmp/av_system//' in cron once a minute to keep things up while we tracked the offending email down and malleted it out of existence.

AV vendor intentionally not mentioned since >15 years later I'm sure their code is mostly different and mostly not maintained by the same people.

The last time I checked gmail refused to attach this file to emails. :)
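
The comments above describe scanners that recursively unpack until they run out of archives, and one that fell over on a single giant member. As an added example (not code from the thread, the linked article, or any AV product), here is a recursive zip walker with a nesting cap and a shared output budget; `scan_zip`, `make_zip`, `ArchiveLimitExceeded` and the limit values are hypothetical names and numbers chosen for illustration.

```python
import io
import zipfile

class ArchiveLimitExceeded(Exception):
    """Raised when an archive would exceed the scanner's unpacking budget."""

def scan_zip(data, max_depth=3, max_total=10 * 1024 * 1024, depth=0, budget=None):
    """Walk an in-memory zip, recursing into nested zips under hard limits.

    Returns the number of non-archive members seen.
    """
    budget = [max_total] if budget is None else budget  # shared by all levels
    if depth > max_depth:
        raise ArchiveLimitExceeded("nesting deeper than %d levels" % max_depth)
    leaves = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Stream in chunks and count the bytes actually produced, so the
            # scan stops at the budget instead of inflating a whole member.
            chunks = []
            with zf.open(info) as member:
                while True:
                    chunk = member.read(64 * 1024)
                    if not chunk:
                        break
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveLimitExceeded("unpacked more than %d bytes" % max_total)
                    chunks.append(chunk)
            body = b"".join(chunks)
            if zipfile.is_zipfile(io.BytesIO(body)):
                # A self-reproducing zip never bottoms out; the depth cap ends it.
                leaves += scan_zip(body, max_depth, max_total, depth + 1, budget)
            else:
                leaves += 1
    return leaves

def make_zip(name, payload):
    """Build a constructed one-member zip in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    nested = make_zip("inner.zip", make_zip("a.txt", b"hello"))  # constructed
    print(scan_zip(nested))
```

Because the scan raises a catchable exception when a limit is hit, the caller can quarantine the message and release its scratch space instead of crashing and leaving files behind.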
