Date: Mon, 29 Jul 2024 10:35:58 -0500
On Sun, Jul 28, 2024, at 11:46, Frederick Virchanza Gotham via Std-Proposals wrote:
> I just realised today that the "interceptor function" doesn't
> necessarily need to end with a jump to the original function.
What are the security implications of this? Both having an interceptor function at all, and having on that doesn't call the intended function. Is there any way, on any implementation that this provides an attacker a hole they can use to break into an otherwise secure system? (possibly having already broken in raise their permissions?) Remember you answer answering for all systems including future systems that don't exists yet, and all attacks including ones that done exist. In many existing run in a specific context, so installing an interceptor function may be a way to get the permissions of a function called from a different security context. (that is install the interceptor than wait until code in a different context runs)
> I just realised today that the "interceptor function" doesn't
> necessarily need to end with a jump to the original function.
What are the security implications of this? Both having an interceptor function at all, and having on that doesn't call the intended function. Is there any way, on any implementation that this provides an attacker a hole they can use to break into an otherwise secure system? (possibly having already broken in raise their permissions?) Remember you answer answering for all systems including future systems that don't exists yet, and all attacks including ones that done exist. In many existing run in a specific context, so installing an interceptor function may be a way to get the permissions of a function called from a different security context. (that is install the interceptor than wait until code in a different context runs)
Received on 2024-07-29 15:36:21