|
|
|
|
|
|
by Someone
1485 days ago
|
|
|
FTA: But to simplify my first security experiment with Fuchsia, I decided to disable SMAP and SMEP in the script starting QEMU and create the fake vtable in my exploit in the userspace I don’t see them re-enabling it later, so yes, they found security problems, but they didn’t show a complete attack, either. |
|
|
They explain why they do so, and the article is extremely valuable as a first step and tutorial to get started in Zircon kernel hacking. They also find some actual issues, including one CVE. But I disagree the article shows how "unsecure Fuchsia is as a result of being unfinished".