Hacker News new | past | comments | ask | show | jobs | submit login

> you don't need to take control of the sandbox

Your original request was: “If you've seen an exploit caused by a big pre-allocated array of untrusted RGBA data, please explain how.”

> It's something to keep an eye on but not important itself. You have to add a vulnerability to get a vulnerability.

Which is exactly how exploit chains work.

A single vulnerability usually doesn’t achieve something dangerous on its own. But remove it from the chain and you lose your exploit.




> Your original request was: “If you've seen an exploit caused by a big pre-allocated array of untrusted RGBA data, please explain how.”

I asked that in a context of whether you can contain vulnerabilities in a sandbox. If something doesn't even require a vulnerability, then it doesn't fit.

Also please note the words "caused by". A few helper bytes sitting somewhere are not the cause.

> Which is exactly how exploit chains work.

> A single vulnerability usually doesn’t achieve something dangerous on its own. But remove it from the chain and you lose your exploit.

Being part of an exploit chain doesn't by itself make something qualify as a vulnerability. (Consider arbitrary gadgets already in the program. You can't remove all bytes.) And I've never seen "you can send it bytes" described as a vulnerability before. Not even if you know the bytes will be stored at the start of a page!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: