On Mon, 15 Dec 2014, Martin Thomson wrote: > On 15 December 2014 at 08:11, Yves Lafon <ylafon@w3.org> wrote: >> I agree for localhost (if running on a privileged port) > > Define "privileged port". That's harder than it sounds, I'll bet. Hum... indeed, let's say a local server run by a privileged (aka trusted) user. > I've always thought that it's probably OK to consider the threat model > to only include attackers that are remote, in this case. I don't know > if we've ever really considered the threat model on the inside of a > machine. Is that something we really need to consider? Can the USB > device influence what is on loopback? As a USB device communicate using a specific protocol, the threar can be seen as remote. Plugging something in a usb port is easy, plugging something in a sata port is a bit more difficult. -- Baroula que barouleras, au tiƩu toujou t'entourneras. ~~YvesReceived on Wednesday, 17 December 2014 10:13:06 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC