Every time a new vulnerability of the class “turns out all things were vulnerable all along” is announced, I imagine how much fun time travellers would have with these.
Someone with a CVE database from the future could just walk right into any system. Pentagon? OK, lemme just heartbleed, shellshock, meltdown — I’m in!
Discussed here yesterday.
Heh. Maybe there will be better discussion of it here, as that was mostly off-topic. I’m not sure I’ve got anything useful to add other than what’s in the article or the paper. I’m not surprised by any of this, but it is incredibly annoying and I’m sure it doesn’t end here. We’re going to need new and better mitigations because these things won’t be “fixed”. I can’t stand spender (grsec guy) but he’s definitely been right about KASLR, at least as it applies to the Linux kernel.