On Mon, Apr 03, 2006 at 10:33:10PM +0200, Hendrik Weimer wrote:
> Suppose a server performs password checking by
>
> strncmp(user_supplied_password, password_stored_in_database, size).
>
> Now strncmp does its comparison by subsequently comparing parts of the
> two strings. Since OProfile allows profiling other users' processes a
> local attacker can see after how many parts the two strings differ. He
> knows which parts of his entered string are correct and therefore can
> greatly reduce the key space.
>
> Even though this example is a bit far-fetched, I think you'll get the
> idea. Real world attacks would probably be directed at cryptographic
> keys, e.g. in the spirit of [1].
Whilst theoretically /possible/ I seriously doubt that this is
achievable due to the way profiling works in OProfile.
> Probably the best solution would be to restrict reading
> /var/lib/oprofile/samples/current/{$USER}/ to $USER.
There is no such thing and there cannot be.
regards
john
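
As an added illustration (not part of the original thread), the C sketch below contrasts an early-exit comparison of the kind the quoted message describes with a comparison that has no early exit, which is the usual mitigation. The function names, the step counters and the sample strings are constructed for this example, and the second function assumes both inputs are fixed-length buffers.

```c
#include <stddef.h>
#include <stdio.h>

/* Early-exit comparison in the style of strncmp(); returns 0 on match.
 * *steps receives the number of bytes examined, which grows with the
 * length of the matching prefix. */
int early_exit_compare(const char *a, const char *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return (unsigned char)a[i] < (unsigned char)b[i] ? -1 : 1;
        if (a[i] == '\0')
            break;
    }
    return 0;
}

/* Comparison of two n-byte buffers with no early exit; returns 0 on match.
 * Every byte is examined and differences are accumulated with OR, so the
 * work done does not depend on where the inputs differ. Assumes both
 * buffers are exactly n bytes (e.g. fixed-length password hashes). */
int ct_compare(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps)
{
    unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
        (*steps)++;
    }
    return diff != 0;
}

int main(void)
{
    /* Constructed sample values, 8 bytes each including the NUL. */
    const char *stored = "hunter2";
    const char *guesses[] = { "xunter2", "hunter3", "hunter2" };
    for (size_t g = 0; g < 3; g++) {
        size_t s1, s2;
        int r1 = early_exit_compare(guesses[g], stored, 8, &s1);
        int r2 = ct_compare((const unsigned char *)guesses[g],
                            (const unsigned char *)stored, 8, &s2);
        printf("%s: early-exit %s after %zu bytes, constant-time %s after %zu bytes\n",
               guesses[g], r1 ? "mismatch" : "match", s1, r2 ? "mismatch" : "match", s2);
    }
    return 0;
}
```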