QuicksearchDisclaimerThe individual owning this blog works for Oracle in Germany. The opinions expressed here are his own, are not necessarily reviewed in advance by anyone but the individual author, and neither Oracle nor any other party necessarily agrees with them.
Navigation |
Surrounded by exploitsFriday, January 3. 2014Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
I somewhat disagree with the term “exploit” in this context, because it suggests that a security mechanism was successfully circumvented. Please keep in mind that you have to be able to send raw commands to the card, which means "root" access on the machine to which the card is currently connected to (in this case: send the non-standard command that tells the card to switch to a firmware upgrade mode of operation).
It's not different to “normal” firmware/BIOS/UEFI upgrades on machines (which can, and as the NSA has shown with the bugs allgedly able to hide in system-management mode, is being used to plant malware), only that Bunnie has been able to do it on a very obscure platform where changing firmware was considered impossible by most. The “exploit” we have to concern ourselves now with is a diffent one: Writers of filesystems have to keep in mind that (besides the always existing possibility of data corruption due to general bit rot) a devices we always assumed to be a dumb storage for data blocks might return something different to what was stored on it, and even read from it just previously, and additionally the returned data might be specifically crafted to confuse a safety mechanism. E.g. calculate a checksum, verify a file, and then read it again for execution might no longer be a good idea (some kind of TV, I think, was rooted with this method not long ago).
Last year I'd say I had no idea how many CPU's were in my home thanks to all the devices like “smart TVs” with CPU's in. Now thanks to stories like these and http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone I don't even know how many CPU's I have in my backpack/pockets.
The author does not allow comments to this entry
|
The LKSF bookThe book with the consolidated Less known Solaris Tutorials is available for download here
Web 2.0Contact
Networking xing.com My photos Comments
about Mon, 01.05.2017 11:21
Thank you for many interesting
blog posts. Good luck with al
l new endeavours!
about Fri, 28.04.2017 13:47
At least with ZFS this isn't c
orrect. A rmdir for example do
esn't trigger a zil_commit, as
long as you don't speci [...]
about Thu, 27.04.2017 22:31
You say:
"The following dat
a modifying procedures are syn
chronous: WRITE (with stable f
lag set to FILE_SYNC), C [...]
|