• mox@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    8
    ·
    4 months ago

    anyone with that access can do a lot of damage anyway.

    it’s just that there’s no remediation once the flaw has been exploited.

    One of these things is not like the other.

      • FierySpectre@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        4 months ago

        It’s always been a thing that the only way to completely be safe after malware is yeeting the old system and getting a new one…

        And even then there have been actively exploited issues where the system gets re-infected when reloading the data from a backup. (My memory is a bit rusty on that one, but it was just data being restored, nothing that should install anything)

    • Telorand@reddthat.com
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      4 months ago

      They’re intrinsically linked, in fact. If you have kernel access, you can do any number of things, including but not limited to persistent rootkits. I agree that this bug is one step further, since it affects the processor itself, but if somebody has ring 0 access that shouldn’t, you already have problems.

    • Shdwdrgn
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      4 months ago

      Read it again, in context. What they said is perfectly valid.

      • mox@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        4 months ago

        No, it is misleading. An exploit with no remediation is not remotely comparable to a normal root exploit, which can be fixed with a simple OS reinstall.

        Edit: And their follow-up comment, “if somebody has ring 0 access that shouldn’t, you already have problems,” is dangerously misleading. While technically true that you would have a problem in both scenarios, presenting it that way is like telling someone not to worry about losing a leg because their sprained ankle is already a problem.