Per the article, some bug in Freenet's anonymity exists. How 'bout it people? Anyone have an idea where the flaw might be?
Yup !
how does Freenet index stuff? Where's the hole????
It's not a hole, per se. Freenet is, and always has been, based on a search structure whose global properties can be inferred locally. It's not because of a misimplementation, there *never was* any property of the algorithm which would prevent this being the case.
You're only protecting the return address, not the remainder of the stack frame. Since a large proportion of the variables in any C program are pointers, there's a very good chance that you have a pointer later in the frame, and libsafe isn't going to prevent anyone from overflowing the buffer and overwriting it.
If you have access to a pointer to a buffer, or to a pointer which, after a some number of dereferences, leads to a buffer, then you have control over the address of that buffer, which permits you to then perform a subsequent stack smashing without the need for buffer overruns. In fact, the second target doesn't even really need to be a buffer, just any variable you have the power to set.
Not the great advance in security we were hoping for, I think.
--
There's just one teeny-weeny snag with this grand scheme for a censorproof network...
... it doesn't work.
The freenet search algorithm leaks information so badly that *any single node* can: Ascertain the topology of the network. Deduce the IP address of any node. Determine the contents of any node.
In short, you really don't want to trust your future to Freenet. You would have a better chance at avoiding prosecution if you just wrote your name and address on the data and posted it to the police.
Slashdot Mirror
This isn't going to do much good, is it ?
You're only protecting the return address, not the remainder of the stack frame. Since a large proportion of the variables in any C program are pointers, there's a very good chance that you have a pointer later in the frame, and libsafe isn't going to prevent anyone from overflowing the buffer and overwriting it.
If you have access to a pointer to a buffer, or to a pointer which, after a some number of dereferences, leads to a buffer, then you have control over the address of that buffer, which permits you to then perform a subsequent stack smashing without the need for buffer overruns. In fact, the second target doesn't even really need to be a buffer, just any variable you have the power to set.
Not the great advance in security we were hoping for, I think.--
There's just one teeny-weeny snag with this grand scheme for a censorproof network...
... it doesn't work.
The freenet search algorithm leaks information so badly that *any single node* can: Ascertain the topology of the network.Deduce the IP address of any node.
Determine the contents of any node.
In short, you really don't want to trust your future to Freenet. You would have a better chance at avoiding prosecution if you just wrote your name and address on the data and posted it to the police.
--