Re: Meltdown and spectre

From: Lothar Flatz <l.flatz_at_bluewin.ch>
Date: Fri, 5 Jan 2018 14:47:48 +0100
Message-ID: <5adff2ed-00c0-410e-4c9f-334d613d6d4d_at_bluewin.ch>

Anyone knows about Sparc?
Are they affected?

Am 05.01.2018 um 14:37 schrieb Mark W. Farnham:
>
> This also poses what I think is a relevant question for folks who
> place their physical RDBMS server(s) securely and only have privileged
> logons anyway. (You really can’t stop a fully privileged account from
> viewing memory or any other resources anyway and only in memory
> encryption can frustrate that if a bad actor has gained a privileged
> access to a server.)
>
> So, will there be an “insecure” patch to skip the overhead and rely on
> server access control?
>
> Then we can have a fresh round of the debate about whether “physical”
> or “virtual” is faster with the playing field thus tilted
> significantly in favor of “physical.”
>
> I also wonder for “virtual” servers whether this could be merely a
> “hypervisor” patch (which in ring security theory dating back to the
> 1970’s could establish a memory address bounded area at the privileged
> account layer (which should be a heckuva lot cheaper than a wrapper on
> every “syscall.”)
>
> DTSS is lookin’ pretty good right now. Still it was our own fault for
> not explaining clearly to enough to management that 100 million (plus)
> copies at $39.95 each was more than 12 copies at $10 million each. Sigh.
>
> mwf
>
> *From:*oracle-l-bounce_at_freelists.org
> [mailto:oracle-l-bounce_at_freelists.org] *On Behalf Of *Niall Litchfield
> *Sent:* Thursday, January 04, 2018 10:58 AM
> *To:* andrew.kerber_at_gmail.com
> *Cc:* fmh; ORACLE-L
> *Subject:* Re: Meltdown and spectre
>
> There absolutely should be an OEL patch for this - for the RH kernel
> they'll probably take upstream - for UEK I'd expect an Oracle patch.
> I'd expect Oracle shops to be regression testing to determine the
> likely impact on RDBMS (and java app for that matter) performance.
>
> On Thu, Jan 4, 2018 at 3:40 PM, Andrew Kerber <andrew.kerber_at_gmail.com
> <mailto:andrew.kerber_at_gmail.com>> wrote:
>
> I was wondering the same thing. But I dont think its up to Oracle to
> patch this, its going to be at the OS and firmware level. But
> everything I read says that its going be a huge performance hit,
> anywhere from 10-50%, and the higher end will be on IO bound systems.
>
> On Thu, Jan 4, 2018 at 9:33 AM, Fred Habash <fmhabash_at_gmail.com
> <mailto:fmhabash_at_gmail.com>> wrote:
>
> Checked Oracle security bulletins but didn't find anything related.
> Did Oracle release an official statement for these vulnerabilities at
> least for the RDBMS and OEL.
>
> Thanks
>
>
>
>
> --
>
> Andrew W. Kerber
>
> 'If at first you dont succeed, dont take up skydiving.'
>
>
>
> --
>
> Niall Litchfield
> Oracle DBA
> http://www.orawin.info
>

-- 





--
http://www.freelists.org/webpage/oracle-l

Received on Fri Jan 05 2018 - 14:47:48 CET

This message: [ Message body ]
Next message: Mark W. Farnham: "RE: SQL Command list history on Linux"
Previous message: Jeff Smith: "RE: SQL Command list history on Linux"
In reply to Mark W. Farnham: "RE: Meltdown and spectre"
Next in thread: Matt Adams: "RE: Meltdown and spectre"
Reply: Matt Adams: "RE: Meltdown and spectre"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message