On Thu, Jan 04, 2018 at 06:13:45PM -0500, Adam Van Ymeren wrote:
Louis Pearson desttinghimgame@gmail.com writes:
Has anybody else seen the recently published exploits Meltdown and Spectre? Here's a link: https://meltdownattack.com/
The thing about Meltdown/Spectre is that they're really only problems if you rely on sandboxing to run untrusted code.
It doesn't care whether you sandbox. It makes a privilege escalation possible. If untrustworthy code runs with few privileges, it can exfiltrate enough information to accomplish a privilege escalation. The point of mentioneing the sandbox is simply that the sandbox doesn't help.
Of courses it doesn't matter if you trust the code. It matters if it is trustworthy.
-- hendrik