[Arm-netbook] Meltdown and Spectre
Hendrik Boom
hendrik at topoi.pooq.com
Fri Jan 5 01:18:21 GMT 2018
On Thu, Jan 04, 2018 at 06:13:45PM -0500, Adam Van Ymeren wrote:
> Louis Pearson <desttinghimgame at gmail.com> writes:
>
> > Has anybody else seen the recently published exploits Meltdown and Spectre?
> > Here's a link: https://meltdownattack.com/
>
> The thing about Meltdown/Spectre is that they're really only problems if
> you rely on sandboxing to run untrusted code.
It doesn't care whether you sandbox. It makes a privilege escalation
possible. If untrustworthy code runs with few privileges, it can
exfiltrate enough information to accomplish a privilege escalation. The
point of mentioneing the sandbox is simply that the sandbox doesn't
help.
Of courses it doesn't matter if you trust the code. It matters if it is
trustworthy.
-- hendrik
More information about the arm-netbook
mailing list