Displaying 1 result from an estimated 1 matches for "utroz".
Did you mean:
stroz
2018 Jan 06
2
PEM file opened without DIRECT I/O which makes private key readable by attacker exploiting MELTDOWN
...e up with a POC
for that if anybody is interested, I'm basing my work on the tool I created
for checking whether system is vulnerable by exploiting MELTDOWN, follow
it: https://github.com/raphaelsc/Am-I-affected-by-Meltdown
Check strace output when connect to instance via ssh:
open("/home/utroz/.ssh/raphaelsc_aws.pem", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0400, st_size=1696, ...}) = 0
read(4, "-----BEGIN RSA PRIVATE KEY-----\r"..., 4096) = 1696
close(4)
I think we are possibly interested in switching to DIRECT IO (given that it
bypasses any caching system including page...