Re: [tor-talk] "drop all vulnerable relays from the consensus"
On 05/15/2011 03:38 PM, tagnaq wrote:
"If someone publishes or demonstrates a code-exec exploit [...] we
should drop all vulnerable relays from the consensus" 
- Does Tor provide Authority Directories with an easy way to reject/drop
relays from the consensus based on the platform string or is this only
possible based on FP or IP?
- How will Directory Authorities determine if a relay is "vulnerable"?
(inspecting the platform string only)?
Once the attacker has code execution he can patch it to emit whatever
version string is necessary.
We see this with Windows botnets which will sometimes, immediately after
infection, patch the vulnerability they used to come in on. They may
also un-patch some other vulnerability (reinstalling the original
vulnerable signed code) in such a way that the OS still thinks it's
applied the update.
Of course, none of this is an argument against kicking off