When a TAF update is available, TAF does the right thing by downloading the Unix client; however, the code after that assumes that the download is only for Windows and attempts to run it like an executable:
2024-04-02 21:01:13.951 INFO 3458 --- [lication Thread] c.f.c.update.ClientUpdateServiceImpl : Starting installer at /home/danny/.taforever/cache/update/tafclient_unix_2024_01_13.tar.gz
/home/danny/.taforever/cache/update/tafclient_unix_2024_01_13.tar.gz: /home/danny/.taforever/cache/update/tafclient_unix_2024_01_13.tar.gz: cannot execute binary file
I'm not sure if there's already code to untar archives in the codebase, but at the very least it's a security problem for it to be trying to execute a file which is just data.
It's only a security problem in the broad sense of "trying to execute something that's supposed to purely be data is a bad practice." The theoretical problem would be someone hijacking the domain for TAF and putting something malicious in that says it's .tar.gz.
Then they could also replace the insides and have the malicious code there too. Unless it was cryptographically signed, that is just a reality of life. I don't think we can expect overengineered perfection.
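One way an updater could handle the case discussed in this thread, as an added example that is not TAF's own code: classify the download by its magic bytes, check it against a known SHA-256 digest, and unpack an archive instead of executing it. The class and method names are hypothetical, and the example assumes the expected digest comes from a channel the download host does not control and that a system `tar` is available.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.List;

// Added example with hypothetical names; not taken from the TAF code base.
public class UpdateDispatch {
  enum Kind { GZIP_ARCHIVE, WINDOWS_EXE, UNKNOWN }

  // Classify by leading magic bytes rather than by file name or target OS.
  static Kind sniff(byte[] h) {
    if (h.length >= 2 && (h[0] & 0xff) == 0x1f && (h[1] & 0xff) == 0x8b) return Kind.GZIP_ARCHIVE;
    if (h.length >= 2 && h[0] == 'M' && h[1] == 'Z') return Kind.WINDOWS_EXE;
    return Kind.UNKNOWN;
  }

  // Compare the file's SHA-256 with the expected digest (hex, assumed trusted).
  static boolean digestMatches(Path file, String expectedHex) throws Exception {
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    try (InputStream in = Files.newInputStream(file)) {
      byte[] buf = new byte[8192];
      for (int n; (n = in.read(buf)) != -1; ) md.update(buf, 0, n);
    }
    return MessageDigest.isEqual(md.digest(), HexFormat.of().parseHex(expectedHex));
  }

  // Return the command to run: an archive is unpacked, never started as a program.
  static List<String> plan(Path file, Path installDir, String expectedHex) throws Exception {
    if (!digestMatches(file, expectedHex)) throw new SecurityException("digest mismatch: " + file);
    byte[] head;
    try (InputStream in = Files.newInputStream(file)) { head = in.readNBytes(2); }
    switch (sniff(head)) {
      case GZIP_ARCHIVE:
        return List.of("tar", "-xzf", file.toString(), "-C", installDir.toString());
      case WINDOWS_EXE:
        if (System.getProperty("os.name").startsWith("Windows")) return List.of(file.toString());
        throw new IOException("installer is not for this OS: " + file);
      default:
        throw new IOException("unrecognised update format: " + file);
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample: two gzip magic bytes stand in for a real download.
    Path f = Files.createTempFile("tafclient_unix_sample", ".tar.gz");
    Files.write(f, new byte[] {0x1f, (byte) 0x8b});
    String hex = HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(f)));
    System.out.println(plan(f, Path.of("install-dir"), hex));
  }
}
```

The returned list is meant to be passed to `ProcessBuilder`; extracting in-process with an archive library works as well, as long as member paths are confined to the install directory.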