A Mr. Skoll writes:
> Now, any license manager can be spoofed, from as blunt an attack as
> changing the system time to sophisticated reverse-engineering attacks
> on the license manager binary. The issue is to prevent "cheap"
> attacks -- if attacking the license manager is expensive enough,
> people won't bother (or they'll find other avenues of attack. :-))
>
> Changing the system time introduces all kinds of problems, so most
> potential license abusers won't do it. A two-line shell script with a
> 6-line C program is a very cheap attack on a dynamically-linked
> license manager daemon. Attacking a statically-linked license manager
> binary is quite a bit more expensive, and should greatly reduce the
> incentive for an attack.

This logic is utter nonsense when applied to programs.

It makes sense when applied to safes or encrypted messages. If a single safe takes 20 hours to break into, a thousand of them will take 20,000 hours to break into.

It does not make sense when applied to software. If a single program takes 20 hours to break into (quite a liberal estimate for most copy-protection), then it will take perhaps another half hour to post the exploit, and then ten minutes each to apply the fix to the other thousand copies of the program, for a total of about 187 hours.

And static linking doesn't take care of it, either; root still can load kernel modules to put each application in a different 'time zone', for example, and running the license manager under a debugger that traps calls to the time() function is also no big deal, and works fine even if the program is statically linked.

In short: your battle is in vain, and the futile measures you employ in it hurt the rest of us. They hurt our system security, reliability, and performance. Your needs (treat the kernel and root as potential crackers) are in direct opposition to those of us who wish to run secure systems.

-- 
<kragenat_private> Kragen Sitaker <http://www.pobox.com/~kragen/>
TurboLinux is outselling NT in Japan's retail software market 10 to 1, so I hear.
-- http://www.performancecomputing.com/opinions/unixriot/981218.shtml

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:03 PDT