Re: Draft finding - "Transitioning the Web to HTTPS"

On Mon, 15 Dec 2014, Martin Thomson wrote:

> On 15 December 2014 at 08:11, Yves Lafon <ylafon@w3.org> wrote:
>> I agree for localhost (if running on a privileged port)
>
> Define "privileged port".  That's harder than it sounds, I'll bet.

Hum... indeed, let's say a local server run by a privileged (aka 
trusted) user.

> I've always thought that it's probably OK to consider the threat model
> to only include attackers that are remote, in this case.  I don't know
> if we've ever really considered the threat model on the inside of a
> machine.  Is that something we really need to consider?  Can the USB
> device influence what is on loopback?

As a USB device communicates using a specific protocol, the threat can be 
seen as remote. Plugging something into a USB port is easy, plugging 
something into a SATA port is a bit more difficult.

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves

Received on Wednesday, 17 December 2014 10:13:06 UTC