[Arm-netbook] Meltdown and Spectre
Adam Van Ymeren
adam at vany.ca
Fri Jan 5 02:32:42 GMT 2018
Hendrik Boom <hendrik at topoi.pooq.com> writes:
> On Thu, Jan 04, 2018 at 06:13:45PM -0500, Adam Van Ymeren wrote:
>> Louis Pearson <desttinghimgame at gmail.com> writes:
>>
>> > Has anybody else seen the recently published exploits Meltdown and Spectre?
>> > Here's a link: https://meltdownattack.com/
>>
>> The thing about Meltdown/Spectre is that they're really only problems if
>> you rely on sandboxing to run untrusted code.
>
> It doesn't care whether you sandbox. It makes a privilege escalation
> possible. If untrustworthy code runs with few privileges, it can
> exfiltrate enough information to accomplish a privilege escalation. The
> point of mentioneing the sandbox is simply that the sandbox doesn't
> help.
Yeah I didn't phrase that quite right. I meant that these vulnerabilites
make it impossible to sandbox malicious code.
>
> Of courses it doesn't matter if you trust the code. It matters if it is
> trustworthy.
Indeed.
More information about the arm-netbook
mailing list