|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 2/2] x86: allow Meltdown band-aid to be disabled
On 16/01/18 13:12, George Dunlap wrote: > On Mon, Jan 15, 2018 at 11:07 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote: >> First of all we don't need it on AMD systems. Additionally allow its use >> to be controlled by command line option. For best backportability, this >> intentionally doesn't use alternative instruction patching to achieve >> the intended effect - while we likely want it, this will be later >> follow-up. > > Is it worth making it optional to apply to dom0? In most cases, if an > attacker can manage to get userspace on dom0, they should be able to > take over the whole system anyway; turning it off on dom0 to get > better performance seems like a policy decision that administrators > might reasonably make. You are implying here that Linux is insecure: why does userspace access allow you to take over the machine? I can see that being true for root access, but not for any other unprivileged user account. Juergen _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |