[Info-vax] Page cache side-channel attack revealed
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Jan 7 13:39:33 EST 2019
On 2019-01-07 01:36:39 +0000, Simon Clubley said:
> Is VMS vulnerable to the same techniques ?
Prolly.
Here's the paper: https://arxiv.org/abs/1901.01161
This seems both a semi-portable covert channel in one potential usage
discussed in the paper, and a discussion of "fun" with probing shared
libraries—installed images on OpenVMS—in another context.
There are various ways to exfiltrate data from a compromised process
from OpenVMS, and—given that OpenVMS lacks any concept of a
sandbox—while this approach can apply to OpenVMS, there can be much
easier ways to exfiltrate data, and there are other covert channels
available. As for what seems a way to instrument the activity of
another process itself accessing a shared library—a shareable
image—from within a malicious app, that's mildly interesting but seems
a whole lot of work. It seems possible this also works on OpenVMS,
given the $PURGWS or the
hey-look-at-that-yet-another-inconsistent-not-64-suffix-named $PURGE_WS
call.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list