(keitai-l) Re: bitflipping out of the sandbox

From: Curt Sampson <cjs_at_cynic.net>
Date: 05/19/03
Message-ID: <Pine.NEB.4.51.0305191353560.431@angelic-vtfw.cvpn.cynic.net>

On Sat, 17 May 2003, Ben Hutchings wrote:

> No, the program spins its wheels until it detects a change in an
> object reference.  There are many badly built PCs which will overheat
> if you make full use of them for a few minutes.

If by "overheat" you mean, not simply running hot enough that there will
be a reduction in component life, but hot enough that you will start to
get random memory errors with any sort of frequency, I'd like to see
your evidence for this. Such a computer would be crashing on a regular
basis, and would soon enough corrupt its disk (as the researchers
themselves experienced).

I'd like to see some evidence that there are "many badly built PCs" that
will

> Wrong - you can embed this as a trojan horse in an apparently useful
> applet or a servlet or something like that, which you get someone else
> to run on their machine.  They think it's restricted in a sandbox, but
> actually it can break out.  It's an attack that will work on many PCs.

Only if you can induce the memory error, which is in practice extremely
difficult without opening up the machine.

And when you're sitting there with someone's opened machine in front of
you, you have much easier ways of taking over his system.

cjs
-- 
Curt Sampson  <cjs_at_cynic.net>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC
Received on Mon May 19 08:00:09 2003