Rockbox.org home
release
dev builds
extras
themes manual
wiki
device status forums
mailing lists
IRC bugs
patches
dev guide



Rockbox mail archive

Subject: RE: WPS tokenizer

RE: WPS tokenizer

From: RaeNye <raenye_at_netvision.net.il>
Date: Tue, 20 Mar 2007 14:34:58 +0200

>If we have some binary output that could be written directly to memory
lying
>around on the disk, without error checking, it just screams security hole
directly
>in my face. Then again, it depends where and when it is created.
>And of course, I see no practical application of creating a "malicious"
>wps binary to 0wn your ipod. But I just thought someone should mention it.

I agree, but RB structure is already unsafe (security-wise) with no memory
protection, a cooperative kernel and unsigned binary overlays
(codecs,viewers,plugins).
I'm pretty sure that other stack overflows exist, although RB is safe
against heap overflows ;-)

Anyway, assuming that when loading a WPS we first check if the compiled
binary is valid (by date and by source hash) the adversary needs to create a
source file with a given hash value.
Received on 2007-03-20


Page was last modified "Jan 10 2012" The Rockbox Crew
aaa