To get stupid answers from you.aciddose wrote: Regarding passwords: you know exactly how this works so why ask stupid questions?
If you can convice the system run your code on ring 0 (via i.e. meltdown), you ARE THE KERNEL.aciddose wrote: The point is the text is transmitted in the open in userspace, so whether it's in the kernelspace or not is irrelevant at that point. The real threat is via the less severe issue it is possible for javascript in your browser to potentially implement a keylogger. Some browsers have already been patched.
The memory is your's now - access whatever you want, nobody will stop you from it (including stuff on ring 3, aka your app, that has the password on user-space .. where user-space is nothing else than a memory page.. fully accessible from ring 0).