Re: 32 bit fix? (Was Re: Meltdown – Spectre)
Daniel Feenberg
feenberg at nber.org
Wed Jan 10 12:39:53 UTC 2018
On Wed, 10 Jan 2018, Dave B via freebsd-questions wrote:
> Hi Ed.
>
> Understood. There's "a lot" of FreeBSD based kit out there, running on
> 32 bit hardware. A lot of NAS's for one. (I don’t suppose any of
> those commercial "appliances" will ever be updated though.)
>
Are NAS's a worry? Wouldn't the typical NAS login have root already? Why
would anyone other than the system admin have a login on the NAS box at
all? If the NAS isn't used as a web browser or MUA, how would the malware
get to be run by an unprivileged user?
I understand that the vulnerability can be demonstrated in Javascript, but
this would be an attack on the client running with the privileges of the
web browser. That isn't something that would happen on the typical
system services appliance such as a NAS box, switch, or router.
daniel feenberg
NBER
More information about the freebsd-questions
mailing list