2024-09-09 22:13:38 UTC
in reply to

Pierre Bourdon on Nostr: to avoid buffering archives in their packed form (either to RAM or to disk), Nix ...

to avoid buffering archives in their packed form (either to RAM or to disk), Nix streams unpacking to the /nix/store and checks the signature of the extracted data at the end. Which in theory is fine... until you have a vuln at unpacking time like this one. Or a vuln in the NAR parser (which isn't fuzzed, afaik).
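The trade-off described in the post, as an added example that is not part of the original post and is not Nix code: it compares unpacking while streaming and checking at the end against checking first and unpacking afterwards. The archive format is a constructed toy (not NAR), a pinned SHA-256 digest stands in for the signed hash, and all names are hypothetical.

```python
import hashlib, io, struct

def pack(entries):
    """Toy archive (constructed, not NAR): [u16 name_len][name][u32 data_len][data]..."""
    return b"".join(struct.pack(">H", len(n)) + n + struct.pack(">I", len(d)) + d
                    for n, d in entries)

class Unpacker:
    """Stand-in for the unpacking code; counts the entries it has processed."""
    def __init__(self):
        self.files, self.entries_parsed = {}, 0
    def parse(self, stream):
        while hdr := stream.read(2):
            name = stream.read(struct.unpack(">H", hdr)[0])
            (dlen,) = struct.unpack(">I", stream.read(4))
            self.files[name] = stream.read(dlen)
            self.entries_parsed += 1

class HashingReader:
    """Hashes every byte as the unpacker consumes it (no buffering of the archive)."""
    def __init__(self, raw):
        self.raw, self.digest = raw, hashlib.sha256()
    def read(self, n):
        chunk = self.raw.read(n)
        self.digest.update(chunk)
        return chunk

def stream_then_verify(blob, trusted_hex):
    """Unpack while streaming, check the digest at the end."""
    unpacker, reader = Unpacker(), HashingReader(io.BytesIO(blob))
    unpacker.parse(reader)  # runs on bytes that nothing has authenticated yet
    ok = reader.digest.hexdigest() == trusted_hex
    if not ok:
        unpacker.files.clear()  # output is discarded, but the parser already ran
    return ok, unpacker.entries_parsed

def verify_then_unpack(blob, trusted_hex):
    """Buffer the packed archive, check the digest, only then unpack."""
    unpacker = Unpacker()
    if hashlib.sha256(blob).hexdigest() == trusted_hex:
        unpacker.parse(io.BytesIO(blob))
        return True, unpacker.entries_parsed
    return False, unpacker.entries_parsed  # unpacker never saw the bytes

# Constructed sample data; TRUSTED stands in for the hash covered by a signature.
GOOD = pack([(b"bin/tool", b"\x7fELF-demo"), (b"share/doc", b"hello")])
TRUSTED = hashlib.sha256(GOOD).hexdigest()
TAMPERED = GOOD.replace(b"hello", b"HELLO")
print(stream_then_verify(TAMPERED, TRUSTED), verify_then_unpack(TAMPERED, TRUSTED))
```

Both variants reject the tampered archive; the difference is the second number, which is how many entries the unpacker processed before the rejection.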