On Tue, 20 Mar 2007 13:34:58 +0100, RaeNye <raenye_at_netvision.net.il> wrote:

> I agree, but RB structure is already unsafe (security-wise) with no
> memory
> protection, a cooperative kernel and unsigned binary overlays

I agree, there's propably better attack vectors... but then again, rockbox
code is usually downloaded from the rockbox website, but I would download
a theme from somewhere else. Here is the attack

- user downloads malicous WPS from somewhere (not necesseraly rockbox.org)
- user installs WPS, selects it on player
- player crashes, executes WPS code, writes an autorun to root directory
- user plugs player into usb, gets trojan from autorun
- rockbox gets lots of publicity ;)

ok, i know this is stupid. There could also be some overflow in one codec,
so playing a song does the same to rockbox. As long as rockbox doesnt
speak TCP/IP, it can afford to have "optimistic security" :)

> Anyway, assuming that when loading a WPS we first check if the compiled
> binary is valid (by date and by source hash) the adversary needs to
> create a source file with a given hash value.

If we do that, we should make sure the hashing is faster than the parsing
:)
Can we just check the timestamp? I think windows sets it, i dont know how
many linux distros mount usb devices with noxtime, X in {a,m,c} (or
whatever
it was).

But I'll shut up now. I heard the google talk about poisonous ppl and i
dont
want to be one of them.

Kosta
Received on 2007-03-20