[Question] Check the Meltdown and Spectre fixes with a simple script!
#1
Hi guys,
I saw that Tecmint.com has a guide for testing whether or not your OS is immune to the two flaws of the moment, namely Meltdown and Spectre.
To test your system, just run:

Quote:
# git clone https://github.com/speed47/spectre-meltdown-checker.git
# cd spectre-meltdown-checker/
# sudo ./spectre-meltdown-checker.sh

The result might look something like this:

[Image: Check-Meltdown-Spectre-Vulnerabilities.png]

Can anyone test the new Deepin Kernel 4.14 Rev.2?
I'll have time to check this evening, but maybe someone has 5 minutes to spare!
Tech addicted, I am drawn to the world of technology and everything that comes from it. I consider myself an established Android and GNU/Linux user. I look to the future hopeful that new technological innovations will make their way into everyday life!
#2
Hi Massimo, the commands are wrong...
Grow GNU - LINUX, Windows crashes all by itself...... [Image: qq-emoticon-006.gif]

#3
The commands work for me.
#4
Sorry Massimo, but I realized I hadn't installed git. Even though this clunker is old, I'd say the patches are doing their job, but from what I understand they have minimized the losses... Correct me if I'm wrong. I'm posting the terminal output:

Code:
Checking for vulnerabilities on current system
Kernel is Linux 4.14.0-deepin2-amd64 #1 SMP PREEMPT Deepin 4.14.12-2 (2018-01-06) x86_64
CPU is Pentium(R) Dual-Core CPU       T4200  @ 2.00GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
 * Indirect Branch Restricted Speculation (IBRS)
   * SPEC_CTRL MSR is available:  NO
   * CPU indicates IBRS capability:  NO
 * Indirect Branch Prediction Barrier (IBPB)
   * PRED_CMD MSR is available:  NO
   * CPU indicates IBPB capability:  NO
 * Single Thread Indirect Branch Predictors (STIBP)
   * SPEC_CTRL MSR is available:  NO
   * CPU indicates STIBP capability:  NO
 * Enhanced IBRS (IBRS_ALL)
   * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
   * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
 * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
* CPU vulnerability to the three speculative execution attacks variants
 * Vulnerable to Variant 1:  YES
 * Vulnerable to Variant 2:  YES
 * Vulnerable to Variant 3:  YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO
> STATUS:  VULNERABLE  (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
 * Kernel is compiled with IBRS/IBPB support:  NO
 * Currently enabled features
   * IBRS enabled for Kernel space:  NO
   * IBRS enabled for User space:  NO
   * IBPB enabled:  NO
* Mitigation 2
 * Kernel compiled with retpoline option:  NO
 * Kernel compiled with a retpoline-aware compiler:  NO
 * Retpoline enabled:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer
#5
(01-25-2018, 07:41 PM) Alessandro wrote: The commands work for me.

Go ahead and post the output so we can see the results....
#6
These are from Xubuntu 17.10 on the netbook.

Code:
Spectre and Meltdown mitigation detection tool v0.32

Checking for vulnerabilities on current system
Kernel is Linux 4.13.0-31-generic #34-Ubuntu SMP Fri Jan 19 16:34:46 UTC 2018 x86_64
CPU is Intel(R) Atom(TM) CPU N450   @ 1.66GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  YES
> STATUS:  NOT VULNERABLE  (114 opcodes found, which is >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
 * Hardware support (CPU microcode)
   * Indirect Branch Restricted Speculation (IBRS)
     * SPEC_CTRL MSR is available:  NO
     * CPU indicates IBRS capability:  NO
   * Indirect Branch Prediction Barrier (IBPB)
     * PRED_CMD MSR is available:  NO
     * CPU indicates IBPB capability:  NO
 * Kernel is compiled with IBRS/IBPB support:  YES
 * Currently enabled features
   * IBRS enabled for Kernel space:  NO  (echo 1 > /proc/sys/kernel/ibrs_enabled)
   * IBRS enabled for User space:  NO  (echo 2 > /proc/sys/kernel/ibrs_enabled)
   * IBPB enabled:  NO  (echo 1 > /proc/sys/kernel/ibpb_enabled)
* Mitigation 2
 * Kernel compiled with retpoline option:  NO
 * Kernel compiled with a retpoline-aware compiler:  NO
 * Retpoline enabled:  NO
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
* Running under Xen PV (64 bits):  NO
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
#7
Well, I'd say yours is much better than my elderly chip, good.
Regards
#8
I just ran the test and this is the result. The CPU is immune to variant 3. For the first 2, however, even with the latest patches the problem is still there :(

Code:
Spectre and Meltdown mitigation detection tool v0.33

Checking for vulnerabilities on current system
Kernel is Linux 4.14.0-deepin2-amd64 #1 SMP PREEMPT Deepin 4.14.12-2 (2018-01-06) x86_64
CPU is AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
 * Indirect Branch Restricted Speculation (IBRS)
   * SPEC_CTRL MSR is available:  NO
   * CPU indicates IBRS capability:  NO
 * Indirect Branch Prediction Barrier (IBPB)
   * PRED_CMD MSR is available:  NO
   * CPU indicates IBPB capability:  NO
 * Single Thread Indirect Branch Predictors (STIBP)
   * SPEC_CTRL MSR is available:  NO
   * CPU indicates STIBP capability:  NO
 * Enhanced IBRS (IBRS_ALL)
   * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
   * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
 * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
 * CPU microcode is known to cause stability problems:  NO
* CPU vulnerability to the three speculative execution attacks variants
 * Vulnerable to Variant 1:  YES
 * Vulnerable to Variant 2:  YES
 * Vulnerable to Variant 3:  NO

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO
> STATUS:  VULNERABLE  (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
 * Kernel is compiled with IBRS/IBPB support:  NO
 * Currently enabled features
   * IBRS enabled for Kernel space:  NO
   * IBRS enabled for User space:  NO
   * IBPB enabled:  NO
* Mitigation 2
 * Kernel compiled with retpoline option:  NO
 * Kernel compiled with a retpoline-aware compiler:  NO
 * Retpoline enabled:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  NO
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
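To compare reports like the ones posted in this thread without reading every line, the per-CVE `> STATUS:` lines can be pulled out mechanically. The script below is an added example, not part of the thread or of spectre-meltdown-checker; the function names are hypothetical and it assumes the plain-text report layout shown in the posts above.

```shell
#!/bin/sh
# Added example: not part of the thread, nor of spectre-meltdown-checker.
# Input format assumed: the plain-text report shown in the posts above.

# Print "<CVE> <STATUS>" for each CVE section read on stdin.
summarize_checker() {
    esc=$(printf '\033')
    # Strip ANSI colour codes, which a terminal capture may contain.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
        /^CVE-[0-9]+-[0-9]+ / { cve = $1 }        # section header
        /^> STATUS:/ && cve != "" {
            s = $0
            sub(/^> STATUS:[ \t]*/, "", s)         # drop the label
            sub(/[ \t]*\(.*$/, "", s)              # drop the "(reason)"
            gsub(/ /, "_", s)                      # NOT VULNERABLE -> NOT_VULNERABLE
            print cve, s
            cve = ""
        }'
}

# Return 0 only if every section is NOT VULNERABLE, 1 if any is not,
# 2 if no section was parsed (an empty report must not read as "safe").
checker_all_mitigated() {
    summary=$(summarize_checker) || return 2
    [ -n "$summary" ] || return 2
    ! printf '%s\n' "$summary" | grep -qv ' NOT_VULNERABLE$'
}

# Sample input, abridged from the report posted in #4.
sample_output() {
    cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO
> STATUS:  VULNERABLE  (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 2
 * Retpoline enabled:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* PTI enabled and active:  YES
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
EOF
}

# Real use: sudo ./spectre-meltdown-checker.sh | summarize_checker
sample_output | summarize_checker
```

The parenthesised reason is dropped from the summary, so a Variant 1 result still needs to be read against the full report: in these versions it rests on the LFENCE opcode-count heuristic the tool itself flags as provisional.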