On January 3, 2018 10:56:30 PM EST, Dhaval Giani <[email protected]> wrote: > https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html >gives the gory details > >At this point, I cannot stress on how important it is to update your >systems as soon as your distribution ships them. I am hoping this >remains to be a once in a lifetime event.
I admire your optimism. To me it looks like this is a kind of example of feeping creaturisim in hypervisor's; not necessarily an easy patch. The idea of the necessity of some sort of kernel isolation has been around for quite a while. In part as a response to the ease with which userland interpreters can polute kernelspace. https://lwn.net/Articles/39283/ I've read that some of the proposed solutions could add as much as a 30% operational overhead. Not much of an issue for average home users but for enterprise this could be a real game changer. Like finding out the real cost, in energy consumption, of a Bitcoin transaction, is converging with the real costs of maintaining a paper currency. > >Dhaval
--- Talk Mailing List [email protected] https://gtalug.org/mailman/listinfo/talk
