undefined | Better HN

0 points29athrowaway3y ago0 comments

If you read the article it mentions that ASLR doesn't work, and it's treated as a "known bug".

0 comments

Kernel ASLR. User-space has ASLR enabled and working, in addition to shadow stacks and a number of other hardening techniques.

binkHN3y ago

The article also references syscalls that are marked with TODOs for validation of those calls.

mda3y ago

Do you assume I didn't read the article? Calling it insecure based on this is absurd.

rvz3y ago

Exactly I also find it slightly silly to immediately declare this 'insecure' in this case here.

If it was directly end-to-end on say a Nest Hub running a release version of Fuchsia then that would be a more convincing here, as that would confirm that it can be deployed and the bug can be exploited in the wild and in production and not on a newly built developer version running in an emulator.

The writeup of finding and exploiting this bug is impressive, but whether if you can use that exploit to directly attack a production version of Fuchsia on a device like the Nest Hub is another thing, which is the same way security researchers do to break live versions of other OSes like macOS, Windows, Android and Linux.

j / k navigate · click thread line to collapse