PolicyKit releases and !AWOL

Till Maas opensource at till.name
Tue Dec 18 01:16:14 PST 2007


On Mon December 17 2007, David Zeuthen wrote:
> On Mon, 2007-12-17 at 04:22 +0100, Michael Biebl wrote:
> > > No, but it makes it a lot harder; if you can read the file you can run
> > > strings(1) and ldd(1) on it; that alone is a lot of useful information.
> >
> > You can do that just as well with the binary that you extracted from
> > the deb/rpm.
> > So this point is not valid.

With rpm -qf /path/to/file, one easily gets the information about which 
rpm the file is from. There is also a similar command on Debian systems. Also one 
can still see the file size and timestamps of the file to identify the 
package. And the deb/rpm may still be cached on the local filesystem, e.g. 
in /var/cache/yum/updates/packages/.

> using strings(1), ldd(1) and other tools to find ways to attack it. It's
> more work for Mallory if he has to find the exact rpm/deb and analyze it
> offline.

Imho an offline analysis is normal and finding the rpm/deb is not so hard, 
unless one does not use an rpm/deb package. But then, one still needs to use 
patches that make exploiting the binary really harder.

Regards,
Till