Re: propolice
> Propolice relies on a random guard variable that is unknown to an attacker,
> and which cannot be determined without local root privileges.
>
> However, an attacker could load a compiled package on a machine on which he
> does have root and determine the value.
>
> So any protection would not apply to pre-compiled packages.
>
> I may be wrong here, if so would someone please let me know how.
The guard value is computed at runtime, and will be different between
processes.
So having the ability to know it in your binary does not help much in
breaking others.
- References:
- propolice
- From: Theo de Raadt <deraadt@cvs.openbsd.org>
- Re: propolice
- From: Peter Fairbrother <zenadsl6186@zen.co.uk>
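
The reply's point, as an added C model that is not part of the original message and is not propolice's own code: each modelled process draws its guard at startup, so a guard value observed in one process fails the check in another. The struct layout, the function names and the use of /dev/urandom are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model only: one "process" holds the guard drawn when it starts. */
struct process { uint64_t guard; };

/* Modelled frame layout: local buffer, guard copy, saved return address. */
struct frame { char buf[16]; uint64_t guard_copy; uint64_t saved_ret; };

/* Startup: draw the guard from the kernel RNG (assumed source). */
int process_start(struct process *p) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(&p->guard, sizeof p->guard, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Prologue: place the process's guard between the buffer and saved_ret. */
void frame_enter(const struct process *p, struct frame *fr) {
    memset(fr, 0, sizeof *fr);
    fr->guard_copy = p->guard;
    fr->saved_ret = 0x1000; /* constructed value */
}

/* Epilogue: 1 if the guard copy is intact, 0 if the process would abort. */
int frame_leave(const struct process *p, const struct frame *fr) {
    return fr->guard_copy == p->guard;
}

/* Overrun a frame in `target` with the guard value seen in `observed`;
   returns the epilogue result in `target`. */
int overrun_with_guard_from(const struct process *observed,
                            const struct process *target) {
    struct frame fr, payload;
    frame_enter(target, &fr);
    memset(&payload, 'A', sizeof payload);
    payload.guard_copy = observed->guard;   /* value learned elsewhere */
    memcpy(&fr, &payload, sizeof fr);       /* the modelled overflow */
    return frame_leave(target, &fr);
}

int main(void) {
    struct process mine, theirs;
    if (process_start(&mine) || process_start(&theirs)) return 1;
    printf("guards differ: %d\n", mine.guard != theirs.guard);
    printf("check passes with a guard from another process: %d\n",
           overrun_with_guard_from(&mine, &theirs));
    return 0;
}
```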