Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ZFS and block deduplication



On Apr 27, 2011, at 9:50 AM, Edward Ned Harvey wrote:
> 
> Difficult, but certainly not impossible if verification is disabled.

Unless there is something that I am missing, an attack of this sort is simple in an environment with automated updates.  Take a Debian system using cron-apt to install security updates.  I can identify what is currently installed with 'dpkg -l'.  From this and a mirror copy I can identify what will be installed during the next update.  Determining the update schedule is as simple as looking at /etc/crontab.  By default, anacron on Debian runs the cron.daily scripts at 6:25 AM.  So, with less than 2 minutes work I know what and when.  Now I can pick an executable that I know will be (re)started as root, and there are plenty to choose from.  Let's say apachectl.

The only difficulty is working up an exploit with a matching hash before 6:25 AM tomorrow.

--Rich P.







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org