Re: Clarification: LD_PRELOAD issue

From: Kragen Sitaker (kragenat_private)
Date: Fri May 14 1999 - 14:28:42 PDT

    A Mr. Skoll writes:
    > Now, any license manager can be spoofed, from as blunt an attack as
    > changing the system time to sophisticated reverse-engineering attacks
    > on the license manager binary.  The issue is to prevent "cheap"
    > attacks -- if attacking the license manager is expensive enough,
    > people won't bother (or they'll find other avenues of attack. :-))
    >
    > Changing the system time introduces all kinds of problems, so most
    > potential license abusers won't do it.  A two-line shell script with a
    > 6-line C program is a very cheap attack on a dynamically-linked
    > license manager daemon.  Attacking a statically-linked license manager
    > binary is quite a bit more expensive, and should greatly reduce the
    > incentive for an attack.
    
    This logic is utter nonsense when applied to programs.
    
    It makes sense when applied to safes or encrypted messages.  If a
    single safe takes 20 hours to break into, a thousand of them will take
    20,000 hours to break into.
    
    It does not make sense when applied to software.  If a single program
    takes 20 hours to break into (quite a liberal estimate for most
    copy-protection), then it will take perhaps another half hour to post
    the exploit, and then ten minutes each to apply the fix to the other
    thousand copies of the program, for a total of about 187 hours.
    
    And static linking doesn't take care of it, either; root still can load
    kernel modules to put each application in a different 'time zone', for
    example, and running the license manager under a debugger that traps
    calls to the time() function is also no big deal, and works fine even
    if the program is statically linked.
    
    In short: your battle is in vain, and the futile measures you employ in
    it hurt the rest of us.  They hurt our system security, reliability,
    and performance.  Your needs (treat the kernel and root as potential
    crackers) are in direct opposition to those of us who wish to run
    secure systems.
    
    --
    <kragenat_private>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
    TurboLinux is outselling NT in Japan's retail software market 10 to 1,
    so I hear.
    -- http://www.performancecomputing.com/opinions/unixriot/981218.shtml
    


