[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: propolice

To: Peter Fairbrother <zenadsl6186@zen.co.uk>
Subject: Re: propolice
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Mon, 02 Dec 2002 02:47:04 -0700
Cc: misc@openbsd.org

> > the new snapshots leaking out contain propolice in the compiler.  this
> > means that binaries compiled upon these snapshots will NOT run on
> > older systems; there is an upcoming half-flag day for this.  miod will
> > be providing more information within a day when this goes into the
> > tree, but I just wanted to give an early alert.
> > 
> > if you want to find out what propolice is, and are too dense to use
> > google, please go back in kindergarden.
> > 
> > 
> 
> Propolice relies on a random guard variable that is unknown to an attacker,
> and which cannot be determined without local root privileges.
> 
> However, an attacker could load a compiled package on a machine on which he
> does have root and determine the value.
> 
> So any protection would not apply to pre-compiled packages.
> 
> I may be wrong here, if so would someone please let me know how.

If a user can break into his own programs, why would he not in the
first place upload one that gives him privs without him having to go
through the bother?

Come on.  Rational thought can't be that difficult.

References:
- Re: propolice
  - From: Peter Fairbrother <zenadsl6186@zen.co.uk>

Prev by Date: Re: propolice
Next by Date: Re: propolice
Prev by thread: Re: propolice
Next by thread: Re: propolice
Index(es):
- Date
- Thread