by mannykannot
3318 days ago
Perhaps the talk[1] given by Bryan Cantrill in 2015, and mentioned in footnote 1 of the article, may have alerted someone to the possibility that there might be something exploitable here? In addition, any of the other online discussions of madvise(,,MADV_DONTNEED), mentioned in that talk, may have attracted someone's interest. This exploit seems to lie at the intersection of several things that I guess might indicate a higher-than-average risk of exploitability: shared memory, special provisions for debugging access to running processes, complicated and unintuitive (if not broken) semantics, and concurrency.

[1] https://www.youtube.com/watch?v=bg6-LVCHmGM&feature=youtu.be...
I think this is a great general rule. Any one of these things is a reason to tread lightly. All of them at once? Here be dragons.