On 30/01/18 23:43, Rich Freeman wrote:
> If you had some program that listened on a socket and accepted a length and a string and then did a bounds check using the length, it might be exploitable if a local process could feed it data. Even if the process only listened for outside connections it might be vulnerable if a local process colluded with a remote host to make that connection.
Well, if you're running a local process that is trying to attack you, you've been compromised already, imo.
Local processes are always trusted. If Spectre is a vulnerability that can be exploited by trusted code, it's not really a vulnerability. Trusted code is called "trusted" for a reason.
So, unless you're running some kind of server that offers execution time to clients (the clients are untrusted then), there aren't many instances of Spectre actually being relevant. Amazon, Google, etc. might be running around currently like headless chickens, but for desktop home users, Spectre does not seem to have far-reaching implications once you've patched the kernel and the few packages that run untrusted code.
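The pattern Rich describes (a length or index read from the wire, bounds-checked, then used to index a table) is the Spectre variant 1 gadget; the usual software fix is to clamp the index with a data dependency instead of relying on the branch. The following is an added example, not code from either poster: the table, the two-byte request format and the function names are constructed for illustration, and the mask follows the construction used by the Linux kernel's array_index_mask_nospec().

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample table standing in for the per-connection data a
 * server indexes with a length or offset taken from the wire. */
#define TABLE_LEN 8
static const uint8_t table[TABLE_LEN] = {10, 20, 30, 40, 50, 60, 70, 80};

/* The usual bounds check. Architecturally correct, but under speculation
 * the load may run before the branch resolves: the Spectre v1 pattern. */
uint8_t lookup_plain(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Branch-free mask: all ones when idx < size, zero otherwise. Same
 * construction as the kernel's array_index_mask_nospec(); assumes
 * size < SIZE_MAX/2, which holds for any real table. */
static inline size_t index_mask_nospec(size_t idx, size_t size)
{
    /* size - 1 - idx wraps to a value with the top bit set exactly when
     * idx >= size; OR-ing with idx also catches a huge idx. */
    size_t top = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return top - 1;   /* top == 0 -> SIZE_MAX, top == 1 -> 0 */
}

/* Hardened lookup: the index is forced to 0 by a data dependency, so even
 * a mispredicted check loads a known-safe element. (The kernel adds an asm
 * barrier so the compiler cannot re-derive a branch; omitted for portability.) */
uint8_t lookup_hardened(size_t idx)
{
    if (idx >= TABLE_LEN)
        return 0;
    idx &= index_mask_nospec(idx, TABLE_LEN);
    return table[idx];
}

/* Request as described in the thread: a length/index field followed by a
 * payload. Constructed format: the first two bytes are a big-endian index.
 * Returns the looked-up byte, or 0 for a short or out-of-range request. */
uint8_t handle_request(const uint8_t *buf, size_t n)
{
    if (n < 2)
        return 0;
    size_t idx = ((size_t)buf[0] << 8) | buf[1];
    return lookup_hardened(idx);
}
```

Both lookups return the same values architecturally; the difference is only in what the CPU can touch while the bounds check is still unresolved.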