Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
yorwba
9 months ago
|
parent
|
context
|
favorite
| on:
OpenZL: An open source format-aware compression fr...
If the decompressor is included in the compressed file and it's malicious, the file can hardly be called
known good
.
tecleandor
9 months ago
[–]
But also I guess the logic of the decompressor could output different files in different occasions, for example, if it detects a victim, making it difficult to verify.
viraptor
9 months ago
|
parent
[–]
If it can "detect a victim", then the sandbox is faulty. The decompressor shouldn't see any system details. Only the input and output streams.
Consider applying for YC's Fall 2026 batch!
Applications
are open till July 27.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: