Rockbox.org home
release
dev builds
extras
themes manual
wiki
device status forums
mailing lists
IRC bugs
patches
dev guide



Rockbox mail archive

Subject: RE: WPS tokenizer

RE: WPS tokenizer

From: RaeNye <raenye_at_netvision.net.il>
Date: Tue, 20 Mar 2007 15:26:44 +0200

>I agree, there's propably better attack vectors... but then again, rockbox
code is usually downloaded
>from the rockbox website, but I would download a theme from somewhere else.
Here is the attack

Many people are using custom builds which are usually hosted elsewhere
(rapidshare, etc.)
To save the attacker much work, she can just include the autorun executable
in the build zip file.

>ok, i know this is stupid. There could also be some overflow in one codec,
so playing a song does
>the same to rockbox. As long as rockbox doesnt speak TCP/IP, it can afford
to have
>"optimistic security" :)
Just imagine the security issues with a RB-powered Zune...

>If we do that, we should make sure the hashing is faster than the parsing
>Can we just check the timestamp? I think windows sets it, i dont know how
many linux distros mount usb devices with noxtime, X in {a,m,c} (or whatever
it was).
A reasonable assumption is that the only device that is "allowed" to compile
WPS is the current Rockbox build itself, since the binary format may depend
on the platform and/or the build itself.
We can check the timestamp and the RB checksum (the same one that's verified
on boot).
This adds a WPS compilation whenever RB is updated, but that won't happen
too often for most users.

>But I'll shut up now. I heard the google talk about poisonous ppl and i
dont want to be one of them.
Dev lists /are/ for discussion, aren't they?
Received on 2007-03-20


Page was last modified "Jan 10 2012" The Rockbox Crew
aaa