Hendrik Boom <[email protected]> writes:

> On Thu, Jan 04, 2018 at 06:13:45PM -0500, Adam Van Ymeren wrote:
>> Louis Pearson <[email protected]> writes:
>>
>> > Has anybody else seen the recently published exploits Meltdown and Spectre?
>> > Here's a link: https://meltdownattack.com/
>>
>> The thing about Meltdown/Spectre is that they're really only problems if
>> you rely on sandboxing to run untrusted code.
>
> It doesn't care whether you sandbox. It makes a privilege escalation
> possible. If untrustworthy code runs with few privileges, it can
> exfiltrate enough information to accomplish a privilege escalation. The
> point of mentioning the sandbox is simply that the sandbox doesn't
> help.

Yeah I didn't phrase that quite right. I meant that these vulnerabilities
make it impossible to sandbox malicious code.

>
> Of course it doesn't matter if you trust the code. It matters if it is
> trustworthy.

Indeed.

_______________________________________________
arm-netbook mailing list [email protected]
http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook
Send large attachments to [email protected]
