I don't know enough about the subject to agree or disagree with this statement but you've got me curious. Is that a:
A. "It's fundamentally impossible to make this change because operating systems cannot be modified in this way by a remote system" (i.e. making a change at this level of the architecture would result in the remote connection being dropped and all of the attackers work becomes moot.)
B. "The code has been reviewed and hardened sufficiently that experts are universally assured that attempting this type of remote change will fail."
...or am I looking at this the wrong way and it's secure for a completely different reason? I've always been taught to be skeptical of any statement of perceived certainty when it involves computer security so I appreciate additional details so I can expand my knowledge.
API used in the PoC is not used during parsing of the traffic. In order to trigger the bug remotely you'd either need to chain it with another exploit or have a way of running arbitrary commands as a local user (e.g. by exploiting webapp).
I think you are looking at it wrong way. A remote exploit is one where the exploit makes use of a vuln over network. The bug/vuln is exposed in either the networking or applications accessible over the net. In this case, you need to use a remote exploit to get local access and then use this to elevate the local access to root access. You can still do it through a remote system, but not without the intermediate step.
I don't know enough about the subject to agree or disagree with this statement but you've got me curious. Is that a:
A. "It's fundamentally impossible to make this change because operating systems cannot be modified in this way by a remote system" (i.e. making a change at this level of the architecture would result in the remote connection being dropped and all of the attackers work becomes moot.)
B. "The code has been reviewed and hardened sufficiently that experts are universally assured that attempting this type of remote change will fail."
...or am I looking at this the wrong way and it's secure for a completely different reason? I've always been taught to be skeptical of any statement of perceived certainty when it involves computer security so I appreciate additional details so I can expand my knowledge.
Thank you in advance!