[john_teller02]

These two bugs (Meltdown and Spectr) are really very speculative things. It is like when human beings became aware of astroid orbits they thought that earth is in danger of being hit by one. Now that is indeed a theoritical possibility but what are the chances? These two bugs have been existent for 20 years and there is no known exploits of them. In the GitHub demos also they mention that the demos will work only if "For this demo, you either need the direct physical map offset (e.g. from demo #2) or you have to disable KASLR by specifying nokaslr in your kernel command line." - So you basically start with a broken system to exploit these bugs.

[firethief]

This is literally a PoC. It's too late for the standard "I can't imagine how to exploit this so surely it cannot be done" fallacy. You are looking at an example of how to do it.

[hannasanarion]

If you don't know the difference between the existence of an earthbound asteroid and the existence of people who write computer viruses, I don't know what to tell you.

[odonnellryan]

What's the name for this logical fallacy? You see this shit all the time.

[tedunangst]

I like false equivocation.

[anarazel]

"Bullshitting"?

[Skunkleton]

Its like circular logic on steroids. Parent is using the word "speculative" to discredit the vulnerabilities that use speculative execution.

[mark-wagner]

Probably false analogy.

[andylei]

> For this demo, you either need the direct physical map offset (e.g. from demo #2)

as in, demo #2 is a working exploit to get this map

[dsfyu404ed]

>These two bugs have been existent for 20 years and there is no known exploits of them.

They don't exactly leave behind a lot of telltale signs.

This is also the kind of bug that is so broad (read access to everything on almost any machine you can execute code on) that a large subset of those equipped to discover it would have kept their mouths shut.

> So you basically start with a broken system to exploit these bugs.

A lot of systems were broken in the time before KASLR came along

[voidmain]

Attacks are not asteroids: attackers constantly improve them to bypass improved defenses, and the "improbability" of an attack is no defense. Bypassing KASLR with these attacks is easy and real attackers will do it.

[abritinthebay]

I think you're being harshly down-voted without people explaining why.

For a start - this is hardly a remote possibility when we already have proof of concepts like the linked repo.

Secondly - your analogy makes no sense. The only way to make it make sense is add that we also know there is an entire spacefaring group of mercenaries whose entire hobby and/or job is deliberately throwing asteroids in Earths general direction.

[Skunkleton]

> The only way to make it make sense is add that we also know there is an entire spacefaring group of mercenaries whose entire hobby and/or job is deliberately throwing asteroids in Earths general direction.

Maybe there is, but they are hilariously incompetent?

[logfromblammo]

Nah, they're really far away, and there's an accumulated round-off error in their distance conversion between bloits (used by the client) and metrons (used by the subcontractor), so they're shooting at a target a quarter of a light-year away, and won't realize it for another 500 years.

[Skunkleton]

Bureaucracy to the rescue!

[abritinthebay]

This sounds like a new BlackAdder pitch...

"Sir, I have a cunning plan" "Does it involve that legion of rabid space weasels again?" "... maybe."

[Skunkleton]

As long as I can retire to my great big turnip in the country when it is all over I am happy.

[philsnow]

you're being downvoted but the first non-trivial program `./kaslr` fetches the physical map offset of the running kernel: https://github.com/IAIK/meltdown/#demo-2-breaking-kaslr-kasl...

Note they do say

> This demo uses Meltdown to leak the (secret) randomization of the direct physical map. This demo requires root privileges to speed up the process. The paper describes a variant which does not require root privileges.

but I don't know how much allowing it to sudo speeds up the process.