Re: propolice
- To: <misc@openbsd.org>
- Subject: Re: propolice
- From: Peter Fairbrother <zenadsl6186@zen.co.uk>
- Date: Mon, 02 Dec 2002 10:14:35 +0000
- User-Agent: Microsoft Outlook Express Macintosh Edition - 5.01 (1630)
Miod Vallat wrote:
>> Propolice relies on a random guard variable that is unknown to an attacker,
>> and which cannot be determined without local root privileges.
>>
>> However, an attacker could load a compiled package on a machine on which he
>> does have root and determine the value.
>>
>> So any protection would not apply to pre-compiled packages.
>>
>> I may be wrong here, if so would someone please let me know how.
>
> The guard value is computed at runtime, and will be different between
> processes.
>
> So having the ability to know it in your binary does not help much
> in breaking others.
>
Thanks.
--
Peter Fairbrother