On 01/31/2018 04:16 AM, Nikos Chantziaras wrote:
On 30/01/18 23:43, Rich Freeman wrote:
If you had some program that listened on a socket and accepted a
length and a string and then did a bounds check using the length, it
might be exploitable if a local process could feed it data. Even if
the process only listened for outside connections it might be
vulnerable if a local process colluded with a remote host to make that
connection.
Well, if you're running a local process that is trying to attack you,
you've been compromised already, imo.
Local processes are always trusted. If Spectre is a vulnerability that
can be exploited by trusted code, it's not really a vulnerability.
Trusted code is called "trusted" for a reason.
I wouldn't classify for instance running a multiplayer game in a VM as
"trusted" code, the whole point of hardware virtualization is that you
don't have to trust what is being executed there.
Not to mention the issue with most websites requiring javascript for no
reason to function properly.