[Arm-netbook] Meltdown and Spectre

Adam Van Ymeren adam at vany.ca
Fri Jan 5 02:32:42 GMT 2018


Hendrik Boom <hendrik at topoi.pooq.com> writes:

> On Thu, Jan 04, 2018 at 06:13:45PM -0500, Adam Van Ymeren wrote:
>> Louis Pearson <desttinghimgame at gmail.com> writes:
>> 
>> > Has anybody else seen the recently published exploits Meltdown and Spectre?
>> > Here's a link: https://meltdownattack.com/
>> 
>> The thing about Meltdown/Spectre is that they're really only problems if
>> you rely on sandboxing to run untrusted code.
>
> It doesn't care whether you sandbox.  It makes a privilege escalation 
> possible.  If untrustworthy code runs with few privileges, it can 
> exfiltrate enough information to accomplish a privilege escalation.  The 
> point of mentioneing the sandbox is simply that the sandbox doesn't 
> help.

Yeah I didn't phrase that quite right.  I meant that these vulnerabilites
make it impossible to sandbox malicious code.

>
> Of courses it doesn't matter if you trust the code.  It matters if it is 
> trustworthy.

Indeed.



More information about the arm-netbook mailing list