On Tue, 20 Mar 2007 13:34:58 +0100, RaeNye <[EMAIL PROTECTED]> wrote:
I agree, but RB structure is already unsafe (security-wise) with no
memory protection, a cooperative kernel and unsigned binary overlays
I agree, there's probably better attack vectors... but then again, rockbox
code is usually downloaded from the rockbox website, but I would download
a theme from somewhere else. Here is the attack:
- user downloads malicious WPS from somewhere (not necessarily rockbox.org)
- user installs WPS, selects it on player
- player crashes, executes WPS code, writes an autorun to root directory
- user plugs player into USB, gets trojan from autorun
- rockbox gets lots of publicity ;)
OK, I know this is stupid. There could also be some overflow in one codec,
so playing a song does the same to rockbox. As long as rockbox doesn't
speak TCP/IP, it can afford to have "optimistic security" :)
Anyway, assuming that when loading a WPS we first check if the compiled
binary is valid (by date and by source hash) the adversary needs to
create a source file with a given hash value.
If we do that, we should make sure the hashing is faster than the parsing
:)
Can we just check the timestamp? I think Windows sets it, I don't know how
many Linux distros mount USB devices with noxtime, X in {a,m,c} (or
whatever it was).
But I'll shut up now. I heard the Google talk about poisonous people and I
don't want to be one of them.
Kosta
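
The two cache checks discussed in this thread (timestamp only versus source hash), as an added example that is not part of the original message and not Rockbox code. The header layout, the function names, the sample WPS text and the timestamp value are all assumptions made up for illustration, and FNV-1a stands in for "a hash cheaper than parsing".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header kept in front of a cached, compiled WPS. */
struct wps_cache_hdr {
    uint32_t src_mtime; /* source timestamp when it was compiled */
    uint32_t src_len;   /* source length in bytes */
    uint32_t src_hash;  /* FNV-1a of the source text */
};

/* Constructed samples: same length, one tag changed. */
static const unsigned char WPS_ORIG[] = "%it\n%ia\n";
static const unsigned char WPS_EDIT[] = "%it\n%id\n";

/* FNV-1a, one XOR and one multiply per byte. It is not collision
 * resistant: it catches stale caches, not deliberately forged ones. */
uint32_t fnv1a32(const unsigned char *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

struct wps_cache_hdr wps_cache_stamp(const unsigned char *src, size_t len,
                                     uint32_t mtime)
{
    struct wps_cache_hdr h = { mtime, (uint32_t)len, fnv1a32(src, len) };
    return h;
}

/* Timestamp-only check: trusts whatever the filesystem reports. */
int wps_cache_valid_mtime(const struct wps_cache_hdr *h, uint32_t mtime)
{
    return h->src_mtime == mtime;
}

/* Content check: compare length first (free), then the hash. */
int wps_cache_valid_hash(const struct wps_cache_hdr *h,
                         const unsigned char *src, size_t len)
{
    return h->src_len == (uint32_t)len && h->src_hash == fnv1a32(src, len);
}

int main(void)
{
    /* Constructed case: source edited, timestamp unchanged. */
    struct wps_cache_hdr h = wps_cache_stamp(WPS_ORIG, sizeof WPS_ORIG - 1, 1174394098u);
    printf("mtime check: %d\n", wps_cache_valid_mtime(&h, 1174394098u));
    printf("hash check:  %d\n", wps_cache_valid_hash(&h, WPS_EDIT, sizeof WPS_EDIT - 1));
    return 0;
}
```

When the source changes but its timestamp does not, the timestamp check still accepts the old compiled binary while the content check rejects it. Resisting a deliberately crafted source file would need a cryptographic hash in place of FNV-1a.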