funsec mailing list archives
Re: Ilfak's interview is being slashdotted
From: Matthew Murphy <mattmurphy () kc rr com>
Date: Fri, 06 Jan 2006 19:18:17 -0600
Pierre Vandevenne wrote:
> Good Afternoon, I am still amazed at the level of confusion around this one btw... The fix was not a patch in the usual sense of the term. It may sound like a rhetorical distinction, but it isn't: no Windows files were modified by applying the fix.
It is not a patch in the sense of the word that Microsoft uses. The narrow meaning of "patch" to imply on-disk code excludes quite a few things that the community generally defines as "patches". It is not uncommon to hear things referred to as "patches" if they alter the path of execution of existing code, be that via data manipulation or code manipulation, in-memory or on-disk. Therefore, any form of hook or inline code alteration is a "patch" in the broader sense that it alters the proscribed functionality of a distinct piece of code (the GDI). Strictly speaking, Microsoft's fix (MS06-001) is a build-time patch, while Ilfak's fix (from Hexblog) is a run-time patch.
> At the conceptual level, what the fix did isn't very different from what early DOS TSRs did when they hooked an interrupt vector.
Which was technically a "patch" in the sense that it altered the function of the original code.
> At the practical level, what the fix did isn't very different from what anti-virus and other utilities did to intercept the automatic execution of macros in Word documents before Microsoft did it. (and disabling automatic macro execution did break a lot of functionality for quite a few people).
While we generally use the term "hook" to describe that kind of functionality, it is still, technically speaking, a patch, as far as I'm concerned. I don't think it's a confusing statement, particularly since most people deploying it probably didn't care for the details of how the fix was installed.

-- 
"Social Darwinism: Try to make something idiot-proof, nature will provide you with a better idiot." -- Michael Holstein