On 01/31/2018 04:16 AM, Nikos Chantziaras wrote:

> On 30/01/18 23:43, Rich Freeman wrote:
>> If you had some program that listened on a socket and accepted a
>> length and a string and then did a bounds check using the length, it
>> might be exploitable if a local process could feed it data. Even if
>> the process only listened for outside connections it might be
>> vulnerable if a local process colluded with a remote host to make that
>> connection.
>
> Well, if you're running a local process that is trying to attack you,
> you've been compromised already, imo.
>
> Local processes are always trusted. If Spectre is a vulnerability that
> can be exploited by trusted code, it's not really a vulnerability.
> Trusted code is called "trusted" for a reason.

I wouldn't classify, for instance, running a multiplayer game in a VM as
"trusted" code; the whole point of hardware virtualization is that you
don't have to trust what is being executed there.

Not to mention the issue with most websites requiring JavaScript for no
reason to function properly.
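
The bounds-check pattern from the quoted text, next to a hardened form, as an added example that is not part of the original thread. The function names and the sample table are hypothetical; the mask follows the idea of the Linux kernel's array_index_mask_nospec() and assumes GCC or Clang.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All-ones when idx < size, zero otherwise, computed without a branch.
 * Assumes size_t and intptr_t have the same width, size <= SIZE_MAX/2, and
 * an arithmetic right shift of negative values (true for GCC and Clang). */
static size_t index_mask(size_t idx, size_t size)
{
    /* Hide idx from the optimizer so the mask is not folded away just
     * because the caller has already compared idx against size. */
    __asm__ volatile("" : "+r"(idx));
    intptr_t v = (intptr_t)(idx | (size - 1 - idx));
    return ~(size_t)(v >> (sizeof(size_t) * CHAR_BIT - 1));
}

/* The handler as described: a peer-supplied value is range-checked and then
 * used. Architecturally correct, but the load can execute speculatively
 * with an out-of-range idx while the branch is still unresolved. */
static int read_checked(const uint8_t *tbl, size_t len, size_t idx, uint8_t *out)
{
    if (idx >= len)
        return -1;
    *out = tbl[idx];
    return 0;
}

/* Hardened form: same check, then the index is clamped by data flow instead
 * of control flow, so a mispredicted branch can only ever load tbl[0]. */
static int read_clamped(const uint8_t *tbl, size_t len, size_t idx, uint8_t *out)
{
    if (idx >= len)
        return -1;
    idx &= index_mask(idx, len);
    *out = tbl[idx];
    return 0;
}

int main(void)
{
    uint8_t tbl[16] = {0}, b = 0;   /* constructed sample table */
    tbl[5] = 0x41;
    int ok = read_clamped(tbl, 16, 5, &b);
    int bad = read_clamped(tbl, 16, 4096, &b);
    printf("in range: rc=%d byte=0x%02x, too large: rc=%d\n", ok, b, bad);
    return 0;
}
```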