[tor-talk] "drop all vulnerable relays from the consensus"
Marsh Ray
marsh at extendedsubset.com
Mon May 16 15:34:56 UTC 2011
On 05/15/2011 03:38 PM, tagnaq wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> "If someone publishes or demonstrates a code-exec exploit [...] we
> should drop all vulnerable relays from the consensus" [1]
>
> - - Does Tor provide Authority Directories with an easy way to reject/drop
> relays from the consensus based on the platform string or is this only
> possible based on FP or IP?
>
> - - How will Directory Authorities determine if a relay is "vulnerable"?
> (inspecting the platform string only)?
Once the attacker has code execution he can patch it to emit whatever
version string is necessary.
We see this with Windows botnets which will sometimes, immediately after
infection, patch the vulnerability they used to come in on. They may
also un-patch some other vulnerability (reinstalling the original
vulnerable signed code) in such a way that the OS still thinks it's
applied the update.
Of course, none of this is an argument against kicking off
known-vulnerable clients.
- Marsh
More information about the tor-talk
mailing list