Security
Trackerless torrents
The BitTorrent file sharing system is in the news this week for a couple of reasons. The first of those is that BitTorrent has announced a beta with "Trackerless" publishing, which allows users to share files without maintaining a centralized tracker. The protocol is also in the news, predictably, due to the release of "Star Wars III: Revenge of the Sith." The Motion Picture Association of America (MPAA) has used the publicity around the movie to launch another attack on BitTorrent. Predictably, "Sith" did end up being available via BitTorrent, and 20th Century FOX is already issuing takedown notices to ISPs.
The trackerless technology is also getting attention as a tool to share illegal content, with no mention of the legitimate uses of BitTorrent. Given the coverage of "trackerless" BitTorrents so far, some might think that offering a "trackerless" BitTorrent would prevent detection by companies like BayTSP. However, "trackerless" is a far cry from anonymous. While a tracker site presents an obvious target for entertainment industry lawyers, there's nothing about so-called trackerless publishing that prevents detection.
As one might have surmised already, trackerless is actually a misnomer. In fact, as the BitTorrent press release acknowledges, it's actually a "lightweight tracker." To share a "trackerless" file, a user generates a .torrent file in much the same way that one would generate a normal .torrent file. This file still needs to be published via a website and public Internet connection. As the BitTorrent page says, "Anyone with a website and an Internet connection can host a BitTorrent download!" Individuals who share files using trackerless BitTorrent may have a better chance of flying under the radar, and once a file has been shared by the original owner there's no need for that user to maintain their tracker, but it's not anonymity.
BitTorrent isn't the first to offer trackerless support. The Azureus project, for example, also offers an "embedded tracker" that allows users to share torrents directly. However, the two technologies seem to be incompatible at the moment.
The trackerless system is more convenient for users who are looking to share content legally. Once a user has seeded the network with a file, there's no need for that user to continue hosting their tracker, though this also makes the trackerless system less reliable than having a centralized tracker.
It should also be noted that users should think twice before sharing movies, music or other content illegally. The entertainment industry has traditionally gone after uploaders only, but BitTorrent users who share files are uploaders as well as downloaders.
While LWN would not encourage sharing copyrighted material illegally, there are alternatives for users who want to remain anonymous for other reasons. For example, the Electronic Frontier Foundation has sponsored development of an anonymous system called Tor, which can be used for browsing, publishing, SSH and BitTorrent. We'll be looking at Tor on this page within the next couple of weeks.
New vulnerabilities
cdrdao: local root vulnerability
Package(s): cdrdao | CVE #(s): CAN-2002-0137 CAN-2002-0138
Created: May 19, 2005 | Updated: May 25, 2005
Description: The cdrdao CD burning utility has two vulnerabilities. Local users can use the show-data command to read arbitrary files, and local users can overwrite arbitrary files via a symlink attack on the ~/.cdrdao config file. This can be exploited to gain root privileges.
cheetah: untrusted module search path
Package(s): cheetah | CVE #(s):
Created: May 19, 2005 | Updated: May 25, 2005
Description: Cheetah, a Python template engine and code generator, has a vulnerability in the module importing code that can be used by a local user to gain escalated privileges.
gdb: multiple vulnerabilities
Package(s): gdb | CVE #(s): CAN-2005-1704 CAN-2005-1705
Created: May 20, 2005 | Updated: August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
libconvert-uulib-perl: arbitrary code execution
Package(s): libconvert-uulib-perl | CVE #(s): CAN-2005-1349
Created: May 20, 2005 | Updated: January 27, 2006
Description: Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code.
Net-SNMP: fixproc insecure temporary file creation
Package(s): net-snmp | CVE #(s): CAN-2005-1740
Created: May 23, 2005 | Updated: July 13, 2005
Description: The fixproc application of Net-SNMP creates temporary files with predictable filenames.
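The predictable temporary file names in the fixproc entry and the symlink attack in the cdrdao entry both come down to how the file is opened. The following C program is an added example, not code from Net-SNMP or cdrdao; the file names and the scratch-directory scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: guessable name, no O_EXCL, so an existing symlink is followed. */
int open_weak(const char *p) { return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600); }
/* Hardened: O_CREAT|O_EXCL fails (EEXIST) if anything, symlink included, is there. */
int open_excl(const char *p) { return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600); }
/* Preferred: mkstemp() picks a random name and creates it exclusively, mode 0600. */
int open_random(const char *dir, char *path, size_t n) {
    snprintf(path, n, "%s/fixproc.XXXXXX", dir);
    return mkstemp(path);
}
struct outcome { int excl_refused, weak_clobbered, mkstemp_private; };
static long size_of(const char *p) {
    struct stat s;
    return stat(p, &s) == 0 ? (long)s.st_size : -1;
}

/* Constructed scenario inside a private scratch directory: a symlink already
   sits at the guessable temp name and points at a file the writer can modify. */
struct outcome run_demo(void) {
    struct outcome o = {0, 0, 0};
    char dir[] = "/tmp/tmpfile-demo.XXXXXX", victim[96], pred[96], rnd[96];
    struct stat st;
    if (!mkdtemp(dir)) return o;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pred, sizeof pred, "%s/fixproc.%ld", dir, (long)getpid());
    int fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "secret", 6) != 6 || symlink(victim, pred) != 0) return o;
    close(fd);
    o.excl_refused = (open_excl(pred) < 0 && size_of(victim) == 6);
    fd = open_weak(pred);            /* follows the link and truncates the victim */
    o.weak_clobbered = (fd >= 0 && size_of(victim) == 0);
    if (fd >= 0) close(fd);
    fd = open_random(dir, rnd, sizeof rnd);
    o.mkstemp_private = (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600);
    if (fd >= 0) { close(fd); unlink(rnd); }
    unlink(pred); unlink(victim); rmdir(dir);
    return o;
}

int main(void) {
    struct outcome o = run_demo();
    return !(o.excl_refused && o.weak_clobbered && o.mkstemp_private);
}
```

The program exits 0 when the exclusive open refuses the pre-existing link, the weak open truncates the link's target, and the mkstemp() file is created with mode 0600.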
OpenSSL: information leak
Package(s): openssl | CVE #(s): CAN-2005-0109
Created: May 23, 2005 | Updated: October 11, 2005
Description: Hyper-Threading technology, as used in FreeBSD and other operating systems and implemented on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. See this LWN article for more information.
pam: local vulnerability
Package(s): pam | CVE #(s): CAN-2003-0388
Created: May 19, 2005 | Updated: May 25, 2005
Description: The pam_wheel module has a vulnerability involving the proper manipulation of the /var/log/lastlog entry for users with high UID numbers. Local users can use this to spoof the getlogin() username and obtain root privileges.
ppxp: missing privilege release
Package(s): ppxp | CVE #(s): CAN-2005-0392
Created: May 19, 2005 | Updated: July 5, 2005
Description: The ppxp PPP program has a log file vulnerability that can allow the root privileges used by the software to remain active, enabling the opening of a root shell by a local user.
Qpopper: multiple vulnerabilities
Package(s): qpopper | CVE #(s): CAN-2005-1151 CAN-2005-1152
Created: May 23, 2005 | Updated: May 26, 2005
Description: Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users (CAN-2005-1151). The upstream developers discovered that Qpopper can be forced to create group or world writeable files (CAN-2005-1152).
Page editor: Jonathan Corbet