[GTALUG] python sweetness — The mysterious case of the Linux Page Table
Dhaval Giani
dhaval.giani at gmail.com
Thu Jan 4 00:10:38 EST 2018
On Wed, Jan 3, 2018 at 11:53 PM John Sellens via talk <talk at gtalug.org>
wrote:
> One could assert that the days of time sharing systems are largely over,
> at least on production systems that people care about.
>
> And I think it's fair to say that it has been good practice for quite
> some time to not allow random binaries to run on systems you care about.
>
> I have no idea whether hypervisors (like xen or esxi) are vulnerable.
> But the same guidelines can be applied to VMs running on hypervisors.
>
Xen and kvm are both affected.
> I wonder how exploitable this problem really is?
>
Meltdown already has some exploits around that I am seeing. I also believe
there is some poc code out there to exploit it. One of which I believe is
executing JavaScript in your web browser to get kernel space data.
Dhaval
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20180104/45bdaab3/attachment.html>
More information about the talk
mailing list