Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Details
Diff Detail
- Repository: rG FreeBSD src repository
- Lint: Lint Not Applicable
- Unit: Tests Not Applicable
Event Timeline
I mean, sure, I guess, but what's the threat model here? I sure hope you trust the tarballs you're unpacking to install a system not to be malicious, otherwise what's the point?
I could come up with a contrived exploit scenario, but yes if someone controls the tarballs being unpacked during install it's likely much easier to just provide a trojaned binary.
This came to secteam and I thought "sure, why not."
Can that go in the commit message, please? Otherwise people might get the wrong idea. Also I don't feel great about crediting a whole bunch of people plus an LLM for finding something that is not a bug, just a "sure might as well I guess it shouldn't hurt and stops people shooting off their feet if something goes terribly wrong with a snapshot build".
This could also arise when installing tarballs to a jail though. Then, even a trojaned binary is confined to the jail, in theory.