> On Jul 28, 2017, at 2:46 PM, petern <peter.nichvolo...@gmail.com> wrote:
> 
> The attack vector is described well enough.  A penetration search harness
> would work directly from predictable accesses to the published key
> constants as mapped into process address space.  [Full ASLR decoding, see
> the paper, isn't needed for this.]   These well advertised accesses "light
> up" otherwise randomized program and stack layouts very well since there is
> no access for any other purpose.   CPU security might prevent directly
> forging pseudo-null pointers but they are as observable as subtype pointers
> and leak more address space layout information.

You’re getting _closer_ to something a non-expert could understand, but you’re 
not there yet. Keep trying, please.

It would help if you described what the attack requires, and what it would 
allow the attacker to do. Reading between the lines, I think you’re assuming 
the attacker is already able to read the process’s address space. The rest of 
us here are saying that, in that case, as far as we’re concerned the attacker 
has already won. And I don’t understand how this pointer feature would help 
such an attacker get any further.

—Jens
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
