> From: Tom Metro [mailto:[email protected]]
> 
> I think the attack vector would be along the lines of an attacker
> identifying one or more blocks of a privileged executable, creating
> replacement blocks that have both malicious code and cause a hash
> collision. They write the blocks to disk, and after the executable
> restarts, they have control.

Yup, interesting.
It would be pretty difficult, however, because (a) identifying such an
exploitable collision is so difficult, and (b) whichever data got written to
disk first would be the copy that "wins."  Meaning - The attacker could not
look at an existing filesystem and then try to corrupt something that
already exists.  They would have to predict that an admin is going to
install something, find the corrupted version of something, get the
corrupted version onto disk first, and then get the admin to create what
they think is a non-corrupted thing.

Difficult, but certainly not impossible if verification is disabled.

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
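
The first-writer-wins behaviour and the effect of verification discussed in this message, as an added example that is not part of the original thread. It assumes a block store that deduplicates by hash; `DedupStore`, `weak_key` and the sample blocks are hypothetical, and the hash is deliberately truncated to one byte so that two constructed blocks collide.

```python
import hashlib

def weak_key(block: bytes) -> bytes:
    # Assumption for the demo: a 1-byte truncated SHA-256, so collisions are trivial.
    return hashlib.sha256(block).digest()[:1]

class DedupStore:
    """Toy hash-keyed block store (hypothetical, not any real filesystem's code)."""
    def __init__(self, verify: bool):
        self.verify = verify
        self.blocks = {}              # key -> list of distinct blocks with that key
        self.collisions_detected = 0

    def write(self, block: bytes):
        key = weak_key(block)
        bucket = self.blocks.setdefault(key, [])
        if not bucket:                # first block with this key is always stored
            bucket.append(block)
            return (key, 0)
        if not self.verify:           # hash trusted: later data is silently dropped
            return (key, 0)
        for i, existing in enumerate(bucket):
            if existing == block:     # byte-for-byte match: a genuine duplicate
                return (key, i)
        self.collisions_detected += 1 # same key, different bytes: store separately
        bucket.append(block)
        return (key, len(bucket) - 1)

    def read(self, ref):
        key, index = ref
        return self.blocks[key][index]

def find_colliding_block(target: bytes) -> bytes:
    # Constructed sample data: search counters until the 1-byte keys match.
    n = 0
    while True:
        candidate = b"constructed-block-%d" % n
        if candidate != target and weak_key(candidate) == weak_key(target):
            return candidate
        n += 1

def demo(verify: bool):
    first = b"block written first"
    second = find_colliding_block(first)
    store = DedupStore(verify)
    store.write(first)
    ref = store.write(second)
    # Returns (did the second writer get its own data back?, collisions detected)
    return store.read(ref) == second, store.collisions_detected

if __name__ == "__main__":
    print("verify off:", demo(False))
    print("verify on: ", demo(True))
```

With verification off, the second writer reads back the first writer's bytes and nothing is logged; with verification on, the byte comparison catches the mismatch and both blocks survive.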
