undefined | Better HN

0 pointsrendaw1y ago0 comments

I might not entirely understand, but

>> denial of service was considered to be the realistic impact

is in the article as justification for why this has low criticality and therefore isn't subject to the 90 day disclosure timeline. I.e. it's _limiting_ the predicted impact.

I assumed GP was referring to the other more critical risk, stack clashing, which I guess could lead to RCE? not being an issue on modern OS's.

0 comments

dataflow1y ago

The article basically said: "Letting your get killed this way would practically lead to DoS attacks (a security issue), therefore [conclusion]." The response was basically: "Actually, on modern OSes, your application gets killed, unlike on embedded systems. Therefore, [opposite conclusion]."

This doesn't make sense as a comment, regardless of the the particular conclusion.

j / k navigate · click thread line to collapse