On Fri, 5 May 2006, Damien Miller wrote:
> On Thu, 4 May 2006, Eric Ziegast wrote:
>
> > An 3l33t hacker might figure out that all he/she had to do was
> > modify the magic number to get their program to run, but most people
> > (including script kiddies) wouldn't figure it out, give up, and move
> > on to softer targets.
>
> Typical security-through-obscurity junk. If a hacker cared, then they
> would figure it out pretty quickly, and it's the ones who care that you
> have to worry about.
>
> In its stronger form of "cryptographically signed binaries", this idea
> isn't so effective either: all an attacker has to do is find *one* code
> execution vulnerability *anywhere* on your system and they are back
> to running arbitrary programs. Search phrack et al. for "userspace
> exec" shellcodes to see that exploiting this is still pretty close to
> script-kiddie levels of difficulty.
Yeah, I agree, but a lot of people do not see that. There are these links
in many people's heads that say:
signed executables can be trusted
trusted executables are safe
And they draw wrong conclusions from that. Effectively they are saying:
signing an executable will make the exploitable bugs go away
Now that's magic!
-Otto