docs: add a note about security considerations.

2025-08-11 22:52:30 +08:00 · 2020-12-03 02:10:05 +01:00
parent f218812858
commit 8ced672d24
3 changed files with 23 additions and 0 deletions
--- a/1
+++ b/1
@ -4,6 +4,7 @@ User visible changes for UPX

 Changes in 4.0.0 (XX XXX 2020):
  * Switch to semantic versioning
+  * SECURITY NOTES: emphasize the security context in the docs
  * bug fixes - see https://github.com/upx/upx/milestone/6

 Changes in 3.96 (23 Jan 2020):
--- a/11
+++ b/11
@ -52,6 +52,17 @@ http://compression.ca/ .
 UPX aims to be Commercial Quality Freeware.


+SECURITY CONTEXT
+================
+
+IMPORTANT NOTE: UPX inherits the security context of any files it handles.
+
+This means that packing, unpacking, or even testing or listing a file requires
+the same security considerations as acutally executing the file.
+
+Use UPX on trusted files only!
+
+
 SHORT DOCUMENTATION
 ===================

--- a/doc/upx.pod
+++ b/doc/upx.pod
@ -44,6 +44,17 @@ Please report all problems or suggestions to the authors. Thanks.



+=head1 SECURITY CONTEXT
+
+IMPORTANT NOTE: B<UPX> inherits the security context of any files it handles.
+
+This means that packing, unpacking, or even testing or listing a file requires
+the same security considerations as acutally executing the file.
+
+Use B<UPX> on trusted files only!
+
+
+
 =head1 DESCRIPTION

 B<UPX> is a versatile executable packer with the following features: