This is frightening. This would be an excellent Obfuscated-shell entry. The payload is hidden in the test xz files in the distribution. So convenient that it's a decompressor thus they can hide it in corrupt files (which are corrected then decompressed).
The only suspicious thing about the test files is that there were no new tests added that used them in the same commit that added the files. It would have taken some manual garbage cleanup later for anyone to realize those test files were not referenced anywhere in the repo. I guess that’s a new thing to check for: unreferenced binary blobs.
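One way to automate the check the comment above proposes, as an added example that is not part of the thread: walk a source tree, classify files as binary blobs, and flag any blob whose basename is never mentioned in a text file (test script, Makefile, .m4, whatever). The suffix list, the demo tree and the file names in it are constructed for the example.

```python
import tempfile
from pathlib import Path

# Suffixes treated as blobs regardless of content (constructed, not exhaustive);
# anything else is classified by the NUL-byte heuristic below.
BINARY_SUFFIXES = {".xz", ".lzma", ".lz", ".gz", ".bz2", ".bin"}

def is_binary(path: Path, sample: int = 8192) -> bool:
    """A file is a blob if it has a blob suffix or a NUL byte in its first bytes."""
    if path.suffix.lower() in BINARY_SUFFIXES:
        return True
    try:
        return b"\x00" in path.read_bytes()[:sample]
    except OSError:
        return False

def find_unreferenced_blobs(repo: Path, skip_dirs=(".git",)) -> list[str]:
    """Repo-relative paths of blobs whose basename appears in no text file of the tree."""
    repo = Path(repo)
    files = [p for p in repo.rglob("*")
             if p.is_file() and not set(p.relative_to(repo).parts) & set(skip_dirs)]
    blobs = {p for p in files if is_binary(p)}
    # Concatenate every text file once; each blob then costs one substring check.
    corpus = "\n".join(p.read_text(errors="replace") for p in files if p not in blobs)
    return sorted(p.relative_to(repo).as_posix() for p in blobs if p.name not in corpus)

def build_demo_repo(root: Path) -> Path:
    """Constructed fixture: two compressed test files, only one of which a test script uses."""
    files = root / "tests" / "files"
    files.mkdir(parents=True)
    (files / "good-1.xz").write_bytes(b"\xfd7zXZ\x00" + b"\x00" * 16)    # referenced below
    (files / "orphan-2.xz").write_bytes(b"\xfd7zXZ\x00" + b"\x01" * 16)  # referenced nowhere
    (root / "tests" / "test_files.sh").write_text(
        "#!/bin/sh\nxz -dc files/good-1.xz > /dev/null\n")
    return root

def demo() -> list[str]:
    """Build the fixture in a temp dir and return the orphaned blobs it contains."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_unreferenced_blobs(build_demo_repo(Path(tmp)))

if __name__ == "__main__":
    print(demo())  # ['tests/files/orphan-2.xz']
```

A basename match is a deliberately loose filter: a blob pulled in through a glob or a computed path will still be reported and needs a human look, while one that is only mentioned in a build script (rather than a test) passes, so the output is a review queue, not a verdict.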