[–]▶ No.915793>>916985 [Watch Thread][Show All Posts]
The author of 7zip doesn't compile his binaries with ASLR because the binaries are smaller. Haha wtf? People still use 7zip after that? It's probably full of security vulnerabilities.
https://sourceforge.net/p/sevenzip/feature-requests/1270/
▶ No.915797>>915804 >>916015 >>916034 >>916974
So? Any modern linux distro will automatically compile it with ASLR + more hardening. No one downloads the binaries from his website except Windows users.
▶ No.915804
>>915797
I wouldn't trust this guy to write secure code, especially a program that unpacks random untrusted files. 7zip has had some nasty CVE's recently too.
▶ No.915808
You don't compile binaries with ASLR are you retarded? You compile them as Position independent executables so that they can be run on a kernel that implements ASLR.
ASLR is a total placebo btw https://benpfaff.org/papers/asrandom.pdf
▶ No.915812>>916040
Fake news, he started using ASLR and DEP on windows after that nasty CVE.
OP is the author on WinRAR.
▶ No.915826
▶ No.915827>>915852
Just use whatever you prefer. if you're a pussy just unpack/read untrusted files in a disposable VM, you mentally ill freaks.
▶ No.915834>>915839
>I'm a windows user and this software is harming my security
You got bigger worries budy.
▶ No.915839>>915861 >>916985
>>915834
Windows 10 is a privacy nightmare but some of it's exploit mitigation techniques are WAY ahead of linux.
▶ No.915852
>>915827
>just unpack/read untrusted files on a disposable computer
▶ No.915861>>915868
>>915839
Proof and there so called mitigation techniques wouldn't have to be there if windows didn't have 18 millions of lines of code.
▶ No.915864
The lack of ASLR on 7zip executables made this much more easy to pull off: https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
A guy had to write an exploit to convince the author to enable it.
▶ No.915866
who the fuck cares how he compiles it? compile it yourself
▶ No.915868>>915871 >>915874 >>915880 >>915942
>>915861
I don't know if that's accurate, but its not like GNU/Linux is any better. Last I heard, the Linux kernel is about 23+ million lines of code, probably more by now. If you want to use actual programs on GNU and not someones summer project, you're gonna have like over 40 million lines of code on your system. GNOME alone is 8,698,354 lines of code, mostly written in C.
▶ No.915871
>>915868
>I don't know if that's accurate
Those were the numbers I had in 2009 for vista.
▶ No.915874
>>915868
Most of the lines of code in Linux is for shit you'll never use anyway. It's for other architectures and modules/drivers that will never be loaded.
▶ No.915880>>915936
>>915868
>remember the 23 million goy
Unless you are using every CPU architecture at once (which isn't possible), and have all brands of possible hardware installed on your computer AT ONCE (which also isn't possible), and you somehow need to use 100 obscure little features which almost nobody else does (which is unlikely enough to never happen), you won't be using all the 23 million lines of code.
▶ No.915936>>915937
>>915880
But most people use stock kernels that have nearly all the modules and drivers compiled in. And malicious code can force those buggy modules to be loaded.
If you don't want to take the time compiling your own kernel, at least do this to disable module loading:
>echo 1 > /proc/sys/kernel/modules_disabled
▶ No.915937>>915941
>>915936
>echo 1 > /proc/sys/kernel/modules_disabled
you'll just fuck yourself. you'll eventually need a kernel module that wasn't loaded at boot & the only way to fix is a hard restart.
▶ No.915941>>915949
>>915937
>you'll eventually need a kernel module
No I don't. If I'm changing the hardware of my computer I have to turn it off anyways.
▶ No.915942
>>915868
Half of that or more is driver shit, most of which isn't even in stock kernels.
▶ No.915949>>915952
>>915941
modules are not just hardware drivers. It's net protocols, filesystems, crypto, netfilters, etc. It can fuck up a lot of shit if you disable automatic loading.
▶ No.915952
>>915949
>It's net protocols
Yes, but you don't usually need to change those minus the filesystem ones. Personally, I only use like 3 or 4 different filesystems and plan to do so for the foreseeable future.
▶ No.915969>>915970
>paranoid about archive file formats
OP is 95% a pedophile. Australia's Task Force Argos ( https://en.wikipedia.org/wiki/Task_Force_Argos ) was caught doing this to catch pedos. Argos used a RCE exploit in a "popular archiver" to unmask people on a private CP forum. When the suspect unrared the archive, the exploit would phone home with their computer name, real IP address, mac address and any serial numbers it could find.
Argos does incredible work making pedos shit themselves. They did something similar with video files as well.
▶ No.915970>>915974
>>915969
Yes, anyone who cares about security is a pedophile!
▶ No.915974>>917483
>>915970
Why are pedos so fucking stupid that they feel the need to video themselves and save / send it to other places they could get caught?
It's like when niggers film themselves stealing and post to fb then wonder how they got caught. Fucking retards.
I'm glad they are that thick but fml.
▶ No.916015>>916016
>>915797
>No one downloads the binaries from his website except Windows users
Because there aren't any other binaries except for Windows.
Deal with it linuxoids and homOSeX users, you aren't being considered even remotely important in this world.
▶ No.916016
>>916015
sorry, forgot the picture
▶ No.916034>>916040 >>917599
>>915797
Nobody uses 7zip except Windows users.
▶ No.916040>>916058 >>917347
>probably
>lets make shit up
>doesn't compile his binaries with ASLR
>he needs to use the technique OP likes
>>916034
lie
>>915812
>OP is the author on WinRAR.
This tbqh
▶ No.916058>>916086 >>916961
>>916040
>lie
White men use p7zip.
▶ No.916086>>916087
>>916058
No. White man right click and unpack.
▶ No.916087
▶ No.916961>>916978
>>916058
p7zip is his code, it's just the command line version. And rar and 7z are popular with pedophiles. Normal people use zip files.
▶ No.916974>>917599
>>915797
>7zip
>Linux distro
Linux users don't use 7zip
▶ No.916978>>917366
>>916961
>>choosing instead decades older format thats even worse because it practically has zero security
▶ No.916985
>>915793 (OP)
whether or not someone complies to fad practices like ASLR doesn't indicate whether he's a competent programmer
>>915839
and it's meaningless in practice because they're still both shit
▶ No.917347>>917383
>>916040
If you're retarded enough to use 7zip on Linux you deserve what you get.
▶ No.917366
>>916978
>zero security
Define. If you mean data encryption, ZipAES exists and you can always use external encryption layers.
▶ No.917383>>917384
>>917347
As someone who needs to use 7zip both for compatibility reasons and security, what is a better alternative. I need it to be multi-platform, as there may come a time I need to access that data from another OS, and have the ability to encrypt the contents of the archive.
▶ No.917384
>>917383
I forgot but it also needs decent compression as I use tars to get the data into the archive itself. Although this isn't strictly necessary because I could always pack the tar in something else but the less layers the better.
▶ No.917483
>>915974
>Why are pedos so fucking stupid that they feel the need to video themselves and save / send it to other places they could get caught?
#NotAllPedos
▶ No.917599
>>916034
>>916974
There is, but only for the format.
▶ No.917673