Rockbox mail archive
Subject: RE: WPS tokenizer
From: RaeNye <raenye_at_netvision.net.il>
Date: Tue, 20 Mar 2007 14:34:58 +0200

>If we have some binary output that could be written directly to memory lying
>around on the disk, without error checking, it just screams security hole directly
>in my face. Then again, it depends where and when it is created.
>And of course, I see no practical application of creating a "malicious"
>wps binary to 0wn your ipod. But I just thought someone should mention it.

I agree, but RB structure is already unsafe (security-wise) with no memory protection, a cooperative kernel and unsigned binary overlays (codecs, viewers, plugins).
I'm pretty sure that other stack overflows exist, although RB is safe against heap overflows ;-)

Anyway, assuming that when loading a WPS we first check if the compiled binary is valid (by date and by source hash) the adversary needs to create a source file with a given hash value.

Received on 2007-03-20
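Added example, not part of the original message or of Rockbox's code: a loader-side check for a cached compiled WPS along the lines discussed above, validating the header's structure before comparing the source date and source hash. The header layout, magic value, size limit, function names and the use of FNV-1a as the hash are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cache layout, assumed for this example only. */
#define WPS_CACHE_MAGIC 0x57505343u   /* constructed marker */
#define WPS_MAX_PAYLOAD 4096u         /* assumed size of the loader's buffer */
struct wps_cache_hdr { uint32_t magic, src_mtime, src_hash, payload_len; };
enum wps_status { WPS_OK, WPS_TRUNCATED, WPS_BAD_MAGIC, WPS_BAD_LENGTH, WPS_STALE };

/* FNV-1a stands in for the unspecified "source hash"; it is not collision resistant. */
static uint32_t fnv1a32(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Load step: structural checks first, then the date and source-hash check. */
enum wps_status wps_cache_check(const uint8_t *blob, size_t blob_len,
                                const uint8_t *src, size_t src_len, uint32_t src_mtime)
{
    struct wps_cache_hdr h;
    if (blob_len < sizeof h) return WPS_TRUNCATED;
    memcpy(&h, blob, sizeof h);          /* copy out: blob may be unaligned */
    if (h.magic != WPS_CACHE_MAGIC) return WPS_BAD_MAGIC;
    if (h.payload_len > WPS_MAX_PAYLOAD || h.payload_len != blob_len - sizeof h)
        return WPS_BAD_LENGTH;           /* never trust a length field on disk */
    if (h.src_mtime != src_mtime || h.src_hash != fnv1a32(src, src_len))
        return WPS_STALE;                /* recompile from source instead of loading */
    return WPS_OK;
}

int main(void)
{
    const uint8_t src[] = "constructed WPS source";   /* constructed sample input */
    struct wps_cache_hdr h = { WPS_CACHE_MAGIC, 1174394098u, fnv1a32(src, sizeof src - 1), 4 };
    uint8_t blob[sizeof h + 4] = { 0 };               /* header + 4 constructed token bytes */
    memcpy(blob, &h, sizeof h);
    printf("fresh=%d edited=%d\n",
           (int)wps_cache_check(blob, sizeof blob, src, sizeof src - 1, 1174394098u),
           (int)wps_cache_check(blob, sizeof blob, src, sizeof src - 2, 1174394098u));
    return 0;
}
```

The hash comparison only ties the cache to one source file; how hard it is to produce another source with the same hash depends entirely on the hash chosen, and the structural checks are what keep a malformed cache from being copied into memory unchecked.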