Cross-Process Spectre Exploitation
In this blog, researcher Johannes Wikner details the first end-to-end cross-process Spectre exploit against a real userland target.
Unlike OS kernels, which contain thousands of lines of code for selecting the appropriate mitigations to fend off cross-privilege Spectre attacks, user programs do nothing, even when they run as root and manage sensitive information (e.g., OpenSSH, sudo, polkit). While it would be cool (and certainly not impossible) to leak information from a co-tenant VM with this primitive, it appears easier to prove the impact of the vulnerability by targeting context switches between processes. polkit-agent-helper-1 is not meant to be run by humans, but reading its source code shows that it takes two arguments: the user to authenticate as (we will use root, of course) and a "cookie", which we don't really care about.