Re: propolice
Theo de Raadt wrote:
>>> the new snapshots leaking out contain propolice in the compiler. this
>>> means that binaries compiled upon these snapshots will NOT run on
>>> older systems; there is an upcoming half-flag day for this. miod will
>>> be providing more information within a day when this goes into the
>>> tree, but I just wanted to give an early alert.
>>>
>>> if you want to find out what propolice is, and are too dense to use
>>> google, please go back to kindergarten.
>>>
>>>
>>
>> Propolice relies on a random guard variable that is unknown to an attacker,
>> and which cannot be determined without local root privileges.
>>
>> However, an attacker could load a compiled package on a machine on which he
>> does have root and determine the value.
>>
>> So any protection would not apply to pre-compiled packages.
>>
>> I may be wrong here, if so would someone please let me know how.
>
> Precisely what does he gain if he breaks his own programs?
>
If he breaks the packages available on the OpenBSD packages list, quite a
lot...
Or if someone compiles his own packages and installs them on a bunch of
machines..
--
Peter Fairbrother