[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "drop all vulnerable relays from the consensus"



On 05/15/2011 03:38 PM, tagnaq wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

"If someone publishes or demonstrates a code-exec exploit [...] we
should drop all vulnerable relays from the consensus" [1]

- - Does Tor provide Authority Directories with an easy way to reject/drop
relays from the consensus based on the platform string or is this only
possible based on FP or IP?

- - How will Directory Authorities determine if a relay is "vulnerable"?
(inspecting the platform string only)?

Once the attacker has code execution he can patch it to emit whatever version string is necessary.

We see this with Windows botnets which will sometimes, immediately after infection, patch the vulnerability they used to come in on. They may also un-patch some other vulnerability (reinstalling the original vulnerable signed code) in such a way that the OS still thinks it's applied the update.

Of course, none of this is an argument against kicking off known-vulnerable clients.

- Marsh
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk