Rowhammer Bug: Attacking the Values in Memory...

Google's Project Zero has implemented the Rowhammer bug: "Exploiting the DRAM rowhammer bug to gain kernel privileges".

The opening already reads like science fiction:

“Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows.

Then it goes straight on to the implementation:

We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect.

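They give two approaches: a NaCl sandbox escape and a kernel privilege escalation.

My head is about to explode...

Running Vim with Native Client (NaCl) on Google Chrome...

I saw someone on Twitter mention: "Vim console application running using NativeClient". Actually running it looks like this:

I only ran it as a test, because the platforms I normally use (Ubuntu, Mac OS X) all have a native Vim available...

Does this count as a show of Native Client's firepower?

NaCl (Native Client) is finally going to support ARM...

I saw on OSnews that NaCl is going to support ARM; versions before this could only run on the x86 family: "Native client now supports ARM".

The Chromium Blog also mentions this: "Native Client support on ARM".

The next project planned for completion is Portable Native Client (PNaCl), which hopes to use LLVM to unify everything... XD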