On 05/15/2011 03:38 PM, tagnaq wrote:
> Hi,
>
> "If someone publishes or demonstrates a code-exec exploit [...] we
> should drop all vulnerable relays from the consensus" [1]
>
> - Does Tor provide Authority Directories with an easy way to
>   reject/drop relays from the consensus based on the platform string
>   or is this only possible based on FP or IP?
>
> - How will Directory Authorities determine if a relay is "vulnerable"?
>   (inspecting the platform string only)?
Once the attacker has code execution he can patch it to emit whatever version string is necessary.
We see this with Windows botnets which will sometimes, immediately after infection, patch the vulnerability they used to come in on. They may also un-patch some other vulnerability (reinstalling the original vulnerable signed code) in such a way that the OS still thinks it's applied the update.
Of course, none of this is an argument against kicking off known-vulnerable clients.
- Marsh