
If they're operating on data supplied by the attacker, they're potentially a single hop away from executing untrusted code.


...at which point that untrusted code gains full access to the only userspace process that matters on that node. If you gain access to run code on a server process, why escalate further? You already have access to everything that matters...

Assuming bare metal. In shared hosting / cloud / VMs it is different.


This is a great point. Probably someone will argue properly configured apache will not have access to data ... etc. I think the practical reality is in many setups it already does, and what these hardware bugs mean is that the lazy imperfect - effectively single layer - security that probably exists on the majority of servers is now essentially equivalent to the security of systems where the security minded have been incredibly diligent (and at considerable cost) ensuring multi layer security ... etc. So in some sense it is an attack on their value system and their worth/usefulness.


I think this is a fantastic insight. There is a particular mindset of security thinking which compartmentalizes breach impacts on the basis of how much of the security infrastructure itself is compromised. 'well, they get remote code execution, but at least they can't recover passwords', or 'this vulnerability is bad because it allows recovery of temporary TLS keys'. And Spectre/Meltdown seems to turn every vulnerability into one of these 'world shattering' security breaches that mean your secret keys are all exposed.

But for servers, the application-level vulnerabilities that are needed in order to get meltdown or spectre attacks to run are already devastating. Take over a game server process and you own the in game currency and the scores and the ability to ban users, and probably user level login as well. And you have your pick of privilege escalation mechanisms already, probably.


If you’re running an SSL terminating web server in front of your application server (on the same node), these exploits would allow you to read the ssh private key from the front end, AIUI.


With Meltdown / Spectre you can break out of sandboxes as far as I understand.


That only matters if not everything is in the same sandbox. Many non-cloud servers probably either only run a single service, or they run all processes as the same user, which means that a sandbox escape doesn't really matter. You can't lose any security layers you never had in the first place.
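To make the point in the comment above concrete, here is an added example (written for this page, not code from the thread or from any project it mentions) that audits what a compromised worker can already reach through ordinary Unix permissions, with no CPU side channel required. The process table, file modes and group memberships are constructed sample data; on a real host you would feed it the output of `ps -eo pid,user,comm` and `os.stat()` instead.

```python
"""Added example: what a compromised worker process can reach on a node
through ordinary discretionary access control alone.

All data below is constructed for illustration. Swap in real
`ps -eo pid,user,comm` output and os.stat() results to audit a host."""
import stat
from collections import defaultdict

# Constructed process table: (pid, user, command).
PROCESSES = [
    (101, "root", "nginx: master process"),
    (102, "www-data", "nginx: worker process"),
    (201, "www-data", "gunicorn: worker [app]"),
    (301, "postgres", "postgres: checkpointer"),
]

# Constructed file metadata: path -> (owner, group, mode bits).
FILES = {
    "/etc/ssl/private/server.key": ("root", "root", 0o640),       # root only
    "/etc/ssl/private/legacy.key": ("root", "www-data", 0o640),   # group-readable
    "/var/lib/postgresql/data/pg_hba.conf": ("postgres", "postgres", 0o600),
    "/srv/app/config.py": ("www-data", "www-data", 0o600),
}

# Constructed group membership: user -> set of groups.
GROUPS = {"root": {"root"}, "www-data": {"www-data"}, "postgres": {"postgres"}}


def can_read(user, owner, group, mode, groups=GROUPS):
    """Classic Unix DAC read check: root, then owner bit, then group bit,
    then other. Ignores capabilities, POSIX ACLs and MAC (SELinux/AppArmor)."""
    if user == "root":
        return True
    if user == owner:
        return bool(mode & stat.S_IRUSR)
    if group in groups.get(user, set()):
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def processes_by_user(procs):
    """Group commands by the account they run under."""
    by_user = defaultdict(list)
    for _pid, user, cmd in procs:
        by_user[user].append(cmd)
    return dict(by_user)


def exposure(worker_user, procs=PROCESSES, files=FILES, groups=GROUPS):
    """Return (co-resident commands under the same uid, readable secret paths)
    for a compromise of `worker_user`.

    Processes under the same uid can normally be ptrace'd or signalled
    (absent Yama-style restrictions), and every file that passes can_read()
    is directly openable, so none of this needs a hardware bug to exploit.
    """
    same_uid = list(processes_by_user(procs).get(worker_user, []))
    readable = sorted(
        path for path, (owner, group, mode) in files.items()
        if can_read(worker_user, owner, group, mode, groups)
    )
    return same_uid, readable


if __name__ == "__main__":
    for user in ("www-data", "postgres"):
        procs, paths = exposure(user)
        print(f"{user}: shares uid with {procs}; can read {paths}")
```

In the constructed data the TLS terminator's worker and the application worker both run as `www-data`, so a code-execution bug in the app already gives the attacker the nginx worker's memory and the group-readable legacy key; a sandbox escape adds nothing. The `postgres` account, by contrast, sees neither, which is the separate layer the comment says most single-service boxes never had. The check is deliberately limited to DAC: capabilities, ACLs and mandatory access control can widen or narrow the result on a real system.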


Would be funny to see a game server exploit (since this was about Epic Games here) via specially crafted network packages that look like valid game messages. Has this happened before? Seems natural that those game coordinator backends and such should have security holes too.


Shouldn't be different to any other server. I've not heard of it happening. However I've heard of many bugs in Overwatch which let you crash the server via in-game actions and kick everyone out.



