[PLUG] Finger Pointing

Russell Senior seniorr at aracnet.com
Sun Feb 17 01:34:05 UTC 2008


>>>>> "Kristian" == Kristian Erik Hermansen <kristian.hermansen at gmail.com> writes:

Kristian> I finally got sick of hearing "suggestions" about what to do
Kristian> and broke our gdb, stepping through the VIX API myself,
Kristian> without debugging symbols.  It was a major pain, and took me
Kristian> a couple days just to figure out what was happening.  Well,
Kristian> in the end, I came to a startling conclusion.  At some
Kristian> strange points between certain VIX API calls, the connection
Kristian> handler would accidentally free an old pointer, disrupt the
Kristian> connection, and ultimately dereference a pointer to dead
Kristian> code (or invalid code).  When I got to the end of debugging,
Kristian> I found that the VIX API would call this function panic(),
Kristian> which would call panic_panic(), right before death of the
Kristian> process.  Now, to test my suspicions, I actually opened up
Kristian> libvmwarevix.so and patched the binary in place a few times
Kristian> to see if I could circumvent the bugs.  After a day of
Kristian> hacking around the possible places I thought that would cause
Kristian> the issue, I struck gold, and found a way to patch it so
Kristian> that the incorrect dereferencing would not occur.  I tested
Kristian> the modified VMware VIX library shared object on our
Kristian> infrastructure, and it worked!

Heh.  This reminds me of the feeling I had while doing my survey of
MetroFi's network.  I kept thinking here I am, for no compensation,
doing at great effort what would be one or two orders of magnitude
easier for someone "on the inside", you know, someone with access to
management interfaces and stuff.  Why isn't the jackass on the inside
doing their job???


-- 
Russell Senior
russell at unwirepdx-watch.org
http://www.unwirepdx-watch.org
