I‘ve read this one recently too, it makes me think we shouldn’t support xz in any way other than ro/extracting „best effort“
This attack in general raises another question though, assuming anyone wants to attack Haiku, what is preventing them from using prebuilt binaries in haikuports, or replicants?
Since replicants work by loading another progranm into it‘s own adresss space such attacks would lilely be much easier on Haiku, if you can trick the programm to load you. Is there a deffence against this?