On Sun, Jan 07, 2018 at 03:14:10PM +0100, Borislav Petkov wrote: > On Fri, Jan 05, 2018 at 08:13:33AM +0100, Willy Tarreau wrote: > > I'm not fond of running the mitigations, but given that a few sysops can > > connect to the machine to collect stats or counters, I think it would be > > better to ensure these people can't happily play with the exploits to > > dump stuff they shouldn't have access to. > > So if someone exploits the "trusted" process, and then dumps all memory, > you have practically lost.
Exactly, but there's much more to gain by owning this process anyway in certain cases than just dumping a few hundreds of kernel bytes. That's where I consider that "trusted" is more "critical" than "safe" : if it dies, we all die anyway. Just like you have to trust your plane's pilot eventhough you don't know him personally. Willy
