Arbitrary code execution is not arbitrary javascript execution
And you said you were a professional!
Surur
10 Things that "Absolutely suck" about the iPhone. (Yes I have one)
- Thread starter surur
- Start date
- Status
Arbitrary code execution is not arbitrary javascript execution
And you said you were a professional!
Surur
Arbitrary code execution is not arbitrary javascript execution
And you said you were a professional!
Surur
You are making my point. I've seen nothing revealed about CRASHES causing arbitrary code execution.
The only exploit those guys announced had to do with you going to a webpage that does NOT cause a crash, but which allows running of arbitrary code. The way they do this had to do with, apparently, a buffer overflow caused by executing arbitrary javascript or some other html structure, or somehow screwing with the networking stack. In the end, it required a bogus access point, cross-site scripting, or some other way to get you to the bad web page.
But, and here's the point: the only mention of "crash" comes in that language I quoted, which was speculation about other possible attacks. The "crash" discussion had nothing to do with arbitrary code or with root.
Again, I am concerned by your understanding of buffer overflows and how they work. Did you really do x64 work, or were you making that up?
I will try and explain it in simple language. A program receives data (e.g a web page or an mp3 etc) in a buffer. If the programmer did not put enough checks in, the data can over run the buffer the programmer prepared to accept the data. Thats a buffer overflow. This can commonly cause a crash.
However, if the data is specially crafted, the hacker may overrun registers which tell the OS which command to execute next. Execution passes to the code the hacker just injected into the buffer, and his code can do anything, including download further code for example, install a root kit, send 1000's of sms's to premium numbers etc.
Read more here. http://en.wikipedia.org/wiki/Buffer_overflow
Arbitrary code means arbitrary code. I assume your use of a mac at home explains your lack of education.
Surur
AnteL0pe
Well-known member
Yes i just spoke to someone at ATT and had it set up.
But I am not without a plan, thats the whole point. I have the plan, thats why its $.005. Stop making things up.
Wow, nice. The only thing more annoying than the fact that you have no idea what you are talking about is that you think you do.
Why don't you look up "protected page." On modern microprocessors, a memory page can be marked in various ways (read-only, etc.) One thing that is commonly done now (even on x86-64) is to mark a page as "code" or "data." You cannot execute code on a data page, and you cannot modify (via buffer overflow) a code page.
Yes, as I pointed out, x86 does not have such protections (while x86-64 does), but almost every other modern architecture (i assume ARM) does.
Thus if i overflow my buffer, all i can do is corrupt a data page. I can never actually execute any code i put into memory that way, as it is on a data page and the CPU will refuse to execute it.
x86 suffers from this problem because it was designed to permit self-modifying code, and mixed data/code pages. You may know of something called DEP (Data Execution Protection) that you can do in windows xp IF you are running on an x86-64 chip that supports it (like the one I designed). Any time you try to executed a data page, it kills the program and gives you a message. This is hardware level protection, and other processors have it too.
And, mr. expert, you don't "overrun registers." Registers are not the same thing as memory. Registers exist within the cpu, and you can't "overrun them" by overrunning a buffer. Buffers are arrays in memory.
And just because "buffer overflows" CAN cause a crash doesn't mean they necessarily allow arbitrary code to run. You are substituting your own paltry excuse for knowledge in place of actual references because you got caught making up what the exploit report said.
Apparently (at least some) ARM processors do support the sort of memory protection to which I have consistently referred:
http://www.arm.com/products/CPUs/ARM_Cortex-M3.html
See "Memory Protection Unit."
http://www.arm.com/products/CPUs/ARM_Cortex-M3.html
See "Memory Protection Unit."
Your faith in Apple is endearing, but exploitingiphone, acknowledged by Apple in that update, says the heap is executable.
http://64.233.183.104/search?q=cach...exploitingiphone.pdf&hl=en&ct=clnk&cd=1&gl=uk
Why do you assume Apple is using specific security features when everything so far demonstrates they dont?
Surur
Rumours rumours.
Wouldn't put much stock in it until real numbers come out; we're only 60 days until 1M units, right?
THe only one assuming is you. You assume there are no changes in the update that are not on the published list, despite the fact that we know that's not true. You assume(d) that:
- safari runs as root (even the paragraph above doesn't say that. it is talking about the network stack, not safari)
- if you run as root and crash, you necessarily can run arbitrary code (again, not true if protected memory features are used)
- registers are the same thing as memory
- you know more about microprocessor architecture than everyone else
If Apple is not using the security features available in the microprocessor, then shame on them. Based on the cited text, it appears that prior to this update they did not, at least not to the degree they should have. But unlike you, I don't just make assumptions. I look for actual facts and data to support a reasonable conclusion.
And your original statement was, to paraphrase:
safari still (unknown if there were changes) runs as root (not true. that's the network stack) and therefore a crash can lead to executing arbitrary code (a crash is not necessary to use a buffer overflow exploit, though buffer overflow exploits can be defeated entirely via hardware precautions.)
Unlike you, I never stated as fact that Apple hardware behaved a certain way. I simply pointed out that modern microprocessor generally support the protection to which i referred, found a source that showed that at least some ARM processors do support that hardware, and suggested that this meant that iphone could be immune from that particular kind of attack.
And, since you don't know the difference between a register and memory, i highly doubt you know what a "heap" is (though I'm sure you'll run over to the wikipedia to figure it out).
Isn't a "heap" the amount of cash you fork over to buy and use and iPhone?
Sorry, couldn't resist, but I for one am enjoying the ping pong....
cmaier, let go of the heap thing. I was just simplifying things for you.
Again, your faith in Apple is endearing. Safari runs as root.
No one said all crashes can be exploited, but a crash shows where the problems handling data are.
I dont know more than everyone about processors, but I sure seem to know more about security than you.
Surur
Let's stick to the people who actually managed an exploit rather than some random website which is guessing based on reading a crash log: http://www.securityevaluators.com/iphone/exploitingiphone.pdf
You quoted the language yourself. "the processes which handle networking" is not the same thing as "safari." It's the network stack.
"No one said all crashes can be exploited." You did:
Message 2146: "..meaning every crash is a potential arbitrary code execution" (go ahead and now overemphasize "potential")
Message 2157: "we now know...that the claim that a safari crash can lead to arbitrary code execution is real."
Message 2157: "the hackers who created the exploit said any safari crash is a potential exploit. Safari still crashes."
Message 2163: "if the data is specially crafted, the hacker may overrun registers...and his code can do anything."
At the very least, as your statements evolved, they evolved to the point of "any buffer overrun can be exploited."
And now you show further ignorance with "crash shows where the problems handling data are." Really? So all crashes are caused by "problems handling data?"
You don't know squat about security, microprocessors, operating systems, programming, or the iphone. Every time you open your own mouth and try to state something as fact as opposed to copying and pasting other people's complaints you show your ignorance.
You still haven't explained why when we know things have changed which were not on the official list, we should assume that nothing else security-related changed. I'm not assuming it has, I'm waiting for data, but you are assuming it hasn't.
"I was just simplifying things for you." Actually, it was the register thing, not the heap thing, and I can assure you you don't need to simplify for me. (And you're full of it. No one would simplify "memory" into "register." Who takes a generic term and turns it into a term-of-art to simplify something?)
You quoted the language yourself. "the processes which handle networking" is not the same thing as "safari." It's the network stack.
"No one said all crashes can be exploited." You did:
Message 2146: "..meaning every crash is a potential arbitrary code execution" (go ahead and now overemphasize "potential")
Message 2157: "we now know...that the claim that a safari crash can lead to arbitrary code execution is real."
Message 2157: "the hackers who created the exploit said any safari crash is a potential exploit. Safari still crashes."
Message 2163: "if the data is specially crafted, the hacker may overrun registers...and his code can do anything."
At the very least, as your statements evolved, they evolved to the point of "any buffer overrun can be exploited."
And now you show further ignorance with "crash shows where the problems handling data are." Really? So all crashes are caused by "problems handling data?"
You don't know squat about security, microprocessors, operating systems, programming, or the iphone. Every time you open your own mouth and try to state something as fact as opposed to copying and pasting other people's complaints you show your ignorance.
You still haven't explained why when we know things have changed which were not on the official list, we should assume that nothing else security-related changed. I'm not assuming it has, I'm waiting for data, but you are assuming it hasn't.
"I was just simplifying things for you." Actually, it was the register thing, not the heap thing, and I can assure you you don't need to simplify for me. (And you're full of it. No one would simplify "memory" into "register." Who takes a generic term and turns it into a term-of-art to simplify something?)
First, do you understand English? You understand potential, may, can, if etc? If so, how do you translate it into "all"? I started doubting your credentials, now I am doubting your intelligence.
Please dont go setting up straw men. And read up on fuzzing.
http://en.wikipedia.org/wiki/Fuzz_testing
Surur
The iPhone unintuitive and arkward? Maybe it needs a start menu...
http://forums.macrumors.com/showthread.php?t=33629
Surur
http://forums.macrumors.com/showthread.php?t=33629
Surur
Everything will be unintuitive and awkward to some people. The iPhone sounds very similar to a Treo in dealing with Google Maps, Blazer and YouTube (via Kinoma, which sucks btw). I agree that it would be nice to if YouTube, Google Maps, and Safari had some more integration, but specific widgets to get web content seems more efficient to me than doing everything within Safari.
Pearl_Diva
Well-known member
If they add enough firmware updates by Christmas, and one of them includes IM, OR there are rumors of another updated model(that's common with Apple) with more features, the iPhone will then be added to my list.
I never wrote the iPhone off entirely, it's just that the first edition is too limited for the price.
I never wrote the iPhone off entirely, it's just that the first edition is too limited for the price.
- Status
Similar threads
Trending Posts
-
-
The iMore 20K / 50K Post Challenge - Are you up for it?- Started by Jaguarr40
- Replies: 31K
-
-
-
Facebook
Twitter
Instagram