On 30/01/18 23:43, Rich Freeman wrote:
> If you had some program that listened on a socket and accepted a
> length and a string and then did a bounds check using the length, it
> might be exploitable if a local process could feed it data. Even if
> the process only listened for outside connections it might be
> vulnerable if a local process colluded with a remote host to make that
> connection.

Well, if you're running a local process that is trying to attack you,
you've been compromised already, imo.

Local processes are always trusted. If Spectre is a vulnerability that
can be exploited by trusted code, it's not really a vulnerability.
Trusted code is called "trusted" for a reason.

So, unless you're running some kind of server that offers execution time
to clients (the clients are untrusted then), there's not many instances
of Spectre actually being relevant. Amazon and Google etc might be
running around currently like headless chickens, but for desktop home
users, Spectre does not seem to have far reaching implications once
you've patched the kernel and the few packages that run untrusted code.