Re: [PD] denial of service attack
WHY

> Date: Fri, 16 Oct 2009 08:06:53 +0100
> From: claudiusmaxi...@goto10.org
> To: pd-list@iem.at
> Subject: [PD] denial of service attack
>
> Greetings,
>
> Having failed to sleep I constructed a tiny example patch that might crash your Pd or worse. It's based on the XML Entity Explosion attack, but I was initially inspired by some recent exponential type-checking time discussion on the Haskell mailing lists.
>
> Claude
> --
> http://claudiusmaximus.goto10.org

___
Pd-list@iem.at mailing list
UNSUBSCRIBE and account-management - http://lists.puredata.info/listinfo/pd-list

Re: [PD] denial of service attack
Exponentials are nature's trees, you have to learn to drive around them. This is a signpost.

On Fri, 16 Oct 2009 08:12:14 +0100 Andrew Faraday jbtur...@hotmail.com wrote:

> WHY
>
> > Date: Fri, 16 Oct 2009 08:06:53 +0100
> > From: claudiusmaxi...@goto10.org
> > To: pd-list@iem.at
> > Subject: [PD] denial of service attack
> >
> > Greetings,
> >
> > Having failed to sleep I constructed a tiny example patch that might crash your Pd or worse. It's based on the XML Entity Explosion attack, but I was initially inspired by some recent exponential type-checking time discussion on the Haskell mailing lists.
> >
> > Claude
> > --
> > http://claudiusmaximus.goto10.org

Re: [PD] denial of service attack
On Fri, 16 Oct 2009, Andrew Faraday wrote:

> WHY

Yeah, frankly, it's a lot easier to eat all RAM in other ways.

#N canvas 0 0 450 300 10;
#X obj 6 27 loadbang;
#X obj 6 8 namecanvas z;
#X obj 6 46 until;
#X msg 6 65 \; z obj 0 0 table foo 1000;
#X connect 0 0 2 0;
#X connect 2 0 3 0;

_ _ __ ___ _ _ _ ...
| Mathieu Bouchard, Montréal, Québec. téléphone: +1.514.383.3801

Re: [PD] denial of service attack
On Fri, Oct 16, 2009 at 2:01 PM, Mathieu Bouchard ma...@artengine.ca wrote:

> On Fri, 16 Oct 2009, Andrew Faraday wrote:
>
> > WHY
>
> Yeah, frankly, it's a lot easier to eat all RAM in other ways.
>
> #N canvas 0 0 450 300 10;
> #X obj 6 27 loadbang;
> #X obj 6 8 namecanvas z;
> #X obj 6 46 until;
> #X msg 6 65 \; z obj 0 0 table foo 1000;
> #X connect 0 0 2 0;
> #X connect 2 0 3 0;

OK, you're all welcome to crash my pd but not to run hostile code on my machine. Now, we know that the code posted by Claude can eat up our RAM but can it write to an executable region or do other really nasty things? On the other hand - does a fresh copy of Vanilla or extended offer simple ways to run system commands? If yes, no odd stack overflow methods are needed to hack a system.

Andras

Re: [PD] denial of service attack
On Sat, 17 Oct 2009, András Murányi wrote:

> OK, you're all welcome to crash my pd but not to run hostile code on my machine. Now, we know that the code posted by Claude can eat up our RAM but can it write to an executable region or do other really nasty things? On the other hand - does a fresh copy of Vanilla or extended offer simple ways to run system commands? If yes, no odd stack overflow methods are needed to hack a system.

Just [textfile] and [soundfiler] are enough to overwrite important files. A user's most important data is typically writable, and write-protected files are usually the files that are easy to reinstall from a DVD or whatever. And then writability is only one half of the problem when you can have your personal data uploaded to your enemies.

This also goes for any other code one runs on your system. Max by default isn't any safer than Pd by default, and then Perl/Python/Ruby/Tcl/Lua/Bash interpreters by default aren't any safer, and there isn't any point in banning any of those if your four-year-old daughter still can download random EXE files and run them. And so on.

_ _ __ ___ _ _ _ ...
| Mathieu Bouchard, Montréal, Québec. téléphone: +1.514.383.3801

Re: [PD] denial of service attack
2009/10/17 Mathieu Bouchard ma...@artengine.ca

> On Sat, 17 Oct 2009, András Murányi wrote:
>
> > OK, you're all welcome to crash my pd but not to run hostile code on my machine. Now, we know that the code posted by Claude can eat up our RAM but can it write to an executable region or do other really nasty things? On the other hand - does a fresh copy of Vanilla or extended offer simple ways to run system commands? If yes, no odd stack overflow methods are needed to hack a system.
>
> Just [textfile] and [soundfiler] are enough to overwrite important files. A user's most important data is typically writable, and write-protected files are usually the files that are easy to reinstall from a DVD or whatever. And then writability is only one half of the problem when you can have your personal data uploaded to your enemies.

Or a worm/rootkit set up on your box.

> This also goes for any other code one runs on your system. Max by default isn't any safer than Pd by default, and then Perl/Python/Ruby/Tcl/Lua/Bash interpreters by default aren't any safer, and there isn't any point in banning any of those if your four-year-old daughter still can download random EXE files and run them. And so on.

Indeed. What's worse, i download scripts from unknown dudes and run them root on a daily basis (most of them are makefiles ;o)

Best way of protection is not to make anyone angry, and reading Kevin Mitnick.

Andras

Re: [PD] denial of service attack
On Sat, 17 Oct 2009, András Murányi wrote:

> 2009/10/17 Mathieu Bouchard ma...@artengine.ca
>
> > Just [textfile] and [soundfiler] are enough to overwrite important files. A user's most important data is typically writable, and write-protected files are usually the files that are easy to reinstall from a DVD or whatever. And then writability is only one half of the problem when you can have your personal data uploaded to your enemies.
>
> Or a worm/rootkit set up on your box.

if a user has a single non-root account in which s/he does as many things as possible, then there's not many important things that you can only do as root. therefore rootkits have limited usefulness. it's still a VERY good idea to avoid rootkits, but gaining root isn't making the difference between stealing an addressbook or not, it isn't making the difference between rm -rf ~ or not, and it doesn't make the difference between running a spambot or not.

> Indeed. What's worse, i download scripts from unknown dudes and run them root on a daily basis (most of them are makefiles ;o)

Well, I'm sure you trust your OS provider a lot more than random fictitious people sending you YourDocument.ZIP.EXE that are associated with application /usr/bin/wine...

_ _ __ ___ _ _ _ ...
| Mathieu Bouchard, Montréal, Québec. téléphone: +1.514.383.3801
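
Added example, not part of the thread and not any poster's code: a static check to run on a patch file before opening it, covering the two things the messages above point at, the [until] loop that starts at load and feeds a message to a [namecanvas] receiver, and the [textfile]/[soundfiler] objects. It assumes a flat patch with no subpatches; the function names are hypothetical and the sample string is constructed from the patch quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: the patch quoted in the thread, one record per line.
SAMPLE = r"""#N canvas 0 0 450 300 10;
#X obj 6 27 loadbang;
#X obj 6 8 namecanvas z;
#X obj 6 46 until;
#X msg 6 65 \; z obj 0 0 table foo 1000;
#X connect 0 0 2 0;
#X connect 2 0 3 0;
"""
BOX_KINDS = {"obj", "msg", "floatatom", "symbolatom", "text"}
FILE_IO = {"textfile", "soundfiler"}  # the objects named in the thread

def parse(text):
    """Return (boxes, edges); assumes a flat patch without subpatches."""
    boxes, edges = [], []
    for record in re.split(r"(?<!\\);", text):  # "\;" is an escaped semicolon
        tok = record.split()
        if len(tok) >= 6 and tok[:2] == ["#X", "connect"]:
            edges.append(tuple(int(t) for t in tok[2:6]))  # src, outlet, dst, inlet
        elif len(tok) >= 2 and tok[0] == "#X" and tok[1] in BOX_KINDS:
            boxes.append((tok[1], tok[4:]))  # box index = order of appearance
    return boxes, edges

def audit(text):
    """List (box index, reason) findings worth reading before opening a patch."""
    boxes, edges = parse(text)
    downstream, stop_wired = defaultdict(list), set()
    for src, _, dst, inlet in edges:
        downstream[src].append(dst)
        if inlet == 1:
            stop_wired.add(dst)  # the right inlet of [until] stops the loop
    # Everything reachable from [loadbang] runs as soon as the file is opened.
    todo = [i for i, (k, a) in enumerate(boxes) if k == "obj" and a[:1] == ["loadbang"]]
    auto = set()
    while todo:
        i = todo.pop()
        if i not in auto:
            auto.add(i)
            todo.extend(downstream[i])
    receivers = {a[1] for k, a in boxes
                 if k == "obj" and a[:1] == ["namecanvas"] and len(a) > 1}
    findings = []
    for i, (kind, args) in enumerate(boxes):
        if kind == "obj" and args[:1] == ["until"] and i in auto and i not in stop_wired:
            findings.append((i, "until runs at load with no stop wired"))
        if kind == "obj" and args and args[0] in FILE_IO:
            findings.append((i, "file I/O object " + args[0]))
        if kind == "msg" and any(t == "\\;" and n in receivers for t, n in zip(args, args[1:])):
            findings.append((i, "message sent to a namecanvas receiver"))
    return findings
```

The [until] check is a heuristic: a counted loop driven by a float with nothing on the right inlet is reported as well, so findings are prompts to read the patch as text, not verdicts.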