Which cloud providers are affected by Meltdown?
Cloud providers which use Intel CPUs and Xen PV as virtualization without having patches applied. Furthermore, cloud providers without real hardware virtualization, relying on containers that share one kernel, such as Docker, LXC, or OpenVZ are affected.
漏洞对硬件虚拟化没有影响,也就是说除了阿里这种部分使用了xen pv模式的云计算(至少用户隔离这部分)都没有影响。
What can be leaked?
If your system is affected, our proof-of-concept exploit can read the memory content of your computer. This may include passwords and sensitive data stored on the system.
也就是说一个恶意的软件可以读取用户密码等信息,而且由于不是通过键盘记录这种明确的方式获取的,杀毒软件几乎不可能识别这样的攻击。
Is there a workaround/fix?
There are patches against Meltdown for Linux ( KPTI (formerly KAISER)), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre
KAISER 对性能的主要影响是系统调用的性能。而系统调用本来就是软件的性能杀手,正常的软件都会尽量避免使用。受影响的主要是IO密集型应用这样绕不过系统调用的软件,比如数据库。 |