|
Rockbox mail archiveSubject: Re: WPS tokenizerRe: WPS tokenizer
From: Kosta Welke <kosta_at_fillibach.de>
Date: Tue, 20 Mar 2007 13:59:24 +0100 On Tue, 20 Mar 2007 13:34:58 +0100, RaeNye <raenye_at_netvision.net.il> wrote: > I agree, but RB structure is already unsafe (security-wise) with no > memory > protection, a cooperative kernel and unsigned binary overlays I agree, there's propably better attack vectors... but then again, rockbox code is usually downloaded from the rockbox website, but I would download a theme from somewhere else. Here is the attack - user downloads malicous WPS from somewhere (not necesseraly rockbox.org) - user installs WPS, selects it on player - player crashes, executes WPS code, writes an autorun to root directory - user plugs player into usb, gets trojan from autorun - rockbox gets lots of publicity ;) ok, i know this is stupid. There could also be some overflow in one codec, so playing a song does the same to rockbox. As long as rockbox doesnt speak TCP/IP, it can afford to have "optimistic security" :) > Anyway, assuming that when loading a WPS we first check if the compiled > binary is valid (by date and by source hash) the adversary needs to > create a source file with a given hash value. If we do that, we should make sure the hashing is faster than the parsing :) Can we just check the timestamp? I think windows sets it, i dont know how many linux distros mount usb devices with noxtime, X in {a,m,c} (or whatever it was). But I'll shut up now. I heard the google talk about poisonous ppl and i dont want to be one of them. Kosta Received on 2007-03-20 Page template was last modified "Tue Sep 7 00:00:02 2021" The Rockbox Crew -- Privacy Policy |