On 12/6/19 7:19 PM, Kevin Kofler wrote:
Lennart Poettering wrote:
> If you know where stuff is located you can change individual blocks in
> files. You are not going to know what you are changing them to, but
> you can change it and traditional files will not detect that you did that.
Then you get unpredictable garbage as the result, which is useless if your
goal (as the attacker) is to plant a trojan horse that steals encrypted data
while it is decrypted. (And of course, you cannot directly decrypt the data
either.) The only way to exfiltrate the data is to attack the system while
it is running (online).
It's like fuzzing: injecting garbage results in
unintended code paths
being taken, which is a stepping stone to gaining execution control. Of
course this happens when the system is started up, so it is a multi-step
process, but if you include that in your threat model you have to worry
about it.