Not completely off-topic as it is about PTP, taken from here.
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6001
Plus (off-topic), firmware update related vulnerability in both EOS and PowerShot firmwares...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5995
Hmm. I've always operated on the assumption that it's game over if the PTP host is compromised. CHDK is obviously vulnerable: PTP_CHDK_CallFunction, PTP_CHDK_SetMemory, Lua poke and likely a lot of vulnerable Lua functions are all readily available. These could all be executed over PTP/IP too.

I would be very surprised if there aren't more vulnerabilities in the Canon PTP code too.

We could offer an option to disable CHDK PTP functionality, checking a conf setting and returning an error in handle_ptp would be easy.
Quote: We could, although I'm not sure if it's worth it. The cameras only activate their wireless interface when the user enters the Wifi related dialogs. I find it hard to imagine that anyone (other than some 3-letter agencies and the like) will spend their time exploiting these firmware bugs. And only a very low percentage of cameras run CHDK.

Yeah, this doesn't seem a high risk. OTOH, someone making a stink about "CHDK undoes Canon security fix" could be unfortunate.

Thinking about it more, we could check the USB bit (in physw_status, not the hardware state) and only allow CHDK operations if it's set. Since there's no working PTP/IP client for CHDK, having it off when USB is not present shouldn't be a problem (unless there's threading issues that make it drop out momentarily when kbd_task runs). This could also be an option: CHDK PTP: [USB only, USB+wifi, off]

If there's exposure when the camera is paired with a phone, that could be a bigger risk, but my impression is that's totally separate.

Quote: I posted the links because the descriptions mention the problematic PTP handlers by name. And that we'll get to see the fixes (M3 and M10 are on the list).

That could be interesting.
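Added example, not part of the thread and not CHDK code: a sketch of the gate proposed above, where a three-way setting and a stable copy of the USB bit decide whether a CHDK PTP request runs or is answered with a PTP error. The enum, the function names, the latch and the DEMO_ index and mask are assumptions made for illustration; only the response codes are standard PTP values.

```c
#include <stdint.h>
#include <stdio.h>

/* Standard PTP response codes. */
#define PTP_RC_OK            0x2001
#define PTP_RC_AccessDenied  0x200F

/* Hypothetical values for the proposed option:
   CHDK PTP: [USB only, USB+wifi, off]. */
enum chdk_ptp_mode { CHDK_PTP_USB_ONLY, CHDK_PTP_USB_WIFI, CHDK_PTP_OFF };

/* Constructed stand-ins: the word index and mask of the USB bit in
   physw_status differ per camera; these values are for the demo only. */
#define DEMO_USB_IDX   2
#define DEMO_USB_MASK  0x00040000u

/* Stable copy of the USB bit. Assumption: the keyboard task calls
   chdk_ptp_latch_usb() once per pass, after it has finished updating
   physw_status, so the PTP task never sees the bit drop out mid-update. */
static volatile int usb_present_latched;

void chdk_ptp_latch_usb(const uint32_t *physw_status)
{
    usb_present_latched = (physw_status[DEMO_USB_IDX] & DEMO_USB_MASK) != 0;
}

/* Returns PTP_RC_OK if a CHDK PTP request may run, else the error to send. */
uint16_t chdk_ptp_gate(int mode)
{
    if (mode == CHDK_PTP_USB_WIFI) return PTP_RC_OK;
    if (mode == CHDK_PTP_USB_ONLY && usb_present_latched) return PTP_RC_OK;
    return PTP_RC_AccessDenied; /* off, USB absent or corrupt setting: fail closed */
}

/* Demo handler: the gate runs before any request parameter is used, so a
   memory-writing command (stood in for by *target = value) is never reached. */
uint16_t demo_handle_ptp(int mode, uint32_t *target, uint32_t value)
{
    uint16_t rc = chdk_ptp_gate(mode);
    if (rc != PTP_RC_OK) return rc;
    *target = value;
    return PTP_RC_OK;
}

int main(void)
{
    uint32_t physw[3] = {0}, cell = 0;
    chdk_ptp_latch_usb(physw);                      /* USB bit clear */
    uint16_t rc = demo_handle_ptp(CHDK_PTP_USB_ONLY, &cell, 7);
    printf("rc=0x%04X cell=%u\n", (unsigned)rc, (unsigned)cell);
    return 0;
}
```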
OTOH, someone making a stink about "CHDK undoes Canon security fix" could be unfortunate.
I'm not rushing to upgrade.
Do you think this update makes working with CHDK more difficult?
I guess we'll find out when somebody turns up with an updated camera.
So you want a firmware dump from 1.0.1?
In the German DSLR forum, someone just wrote that the camera went off while updating. Now he can't switch it on.
I dared to check, and now I can confirm that a downgrade from 1.2.1 to 1.0.1 is still available on the EOS M3.