Difference in handling of ISOs compared to Windows

M2Team / NanaZip

The 7-Zip derivative intended for the modern Windows experience

https://sourceforge.net/projects/nanazip/

Other

8.87k stars 224 forks source link

Difference in handling of ISOs compared to Windows #277

Open joegasper opened 1 year ago

joegasper commented 1 year ago

With the security related enhancements put into NanaZip, I just wanted to point out a recent issue in 7-zip and types of ISO files used to potentially deliver malware.

Incompatibility in handling of ISOs between 7-zip and Windows

Proof of concept ISO is provided. Opening the ISO in NanaZip, there are no files. Open the ISO with Windows Explorer, there is a single Example.txt file.

MouriNaruto commented 1 year ago

Thank you. We need some time to research this issue before we fix that.

Kenji Mouri

Artoria2e5 commented 1 year ago

Uh oh, proof of concept iso is gone. Anyone has a backup?

Without knowing too much about what's going on, there can be a lot of weird things with an ISO -- like different filesystems coexisting (UDF Bridge / 9660 converted to UDF) -- and these can have different data.

Okay, found archive at https://web.archive.org/web/20230216063620/https://sourceforge.net/p/sevenzip/discussion/45797/thread/49f338068e/. Anyways, commented at the original post.