Mx-16 - Page 6

danielson · 21. Nov 2017, 02:45 PM

MX-17 b2 is pretty good too!

Panzer · 22. Dec 2017, 10:33 AM

https://mxlinux.org/mx-17-released-december-15-2017

torres-no-tan-magnifico · 13. Jan 2018, 01:53 PM

I recently downloaded a patch from Intel re the M & S debacle: https://downloadcenter.intel.com/dow...code-Data-File

After failing to run the patch I noticed today that there was an update for the above-mentioned. I updated the microcode and rebooted my PC.

For peace of mind I would like to run the Spectre & Meltdown Checker, which I have downloaded from here: https://github.com/speed47/spectre-meltdown-checker

Unfortunately, my command line skills aren't great and I have failed to run the .sh script.
I keep getting the 'directory not found' despite running sudo.

Any Linux whizz kids out there that can solve this problem for me?

danielson · 13. Jan 2018, 05:48 PM

Hope this tip from GHacks can be of assistance:

Here is how it works:

Open Terminal on the Linux system you want to check.
Type cd /tmp/
Type wget https://raw.githubusercontent.com/sp...own-checker.sh. This downloads the script from the GitHub server.
Type sudo sh spectre-meltdown-checker.sh. This runs the script with elevated privileges.
Type the password.

The script checks each variant individually and lists its finding. If you get “status: vulnerable,” the system is vulnerable to the variant. The checks for Spectre variant 2 and Meltdown reveal additional information.

A system that is vulnerable needs a kernel update to protect against potential attacks exploiting these vulnerabilities.

How you get the kernel update depends on the Linux distribution. You select Menu > Administration > Update Manager in Linux Mint to check for available updates. The kernel is not available yet, however.

Once you run the update, rerun the script to verify that the system is no longer vulnerable.

The Spectre & Meltdown Checker supports the scanning of offline kernels as well. Use the parameter −−kernel vmlinux_file for that and if available −−config kernel_config and −−map kernel_map_file as well

torres-no-tan-magnifico · 13. Jan 2018, 08:30 PM

Many thanks danielson for your reply and link. I managed to get the checker to work, but the result wasn't very good:

CPU is Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): NO
* PTI enabled and active: NO
> STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

I'm surprised, as I have installed the latest microcode update and rebooted my PC. I guess I will have to wait for an update for the kernel.

Once again, many thanks.

A vulnerable Torres!

danielson · 13. Jan 2018, 10:49 PM

Not good, but hey! The whole world is in this mess!

You might want to read over what MX had this to say about those security issues:
https://mxlinux.org/meltdown-spectre-news

danielson · 13. Jan 2018, 11:07 PM

At least check if your browser is safe:
http://xlab.tencent.com/special/spec...tre_check.html

Firefox is good but Chrome based not so sure.

torres-no-tan-magnifico · 14. Jan 2018, 02:16 PM

Thanks for the links: my browser is FF and everything appears ticketyboo with that. Unfortunately, the only patches for MX-16 are 64 bit versions and mine ,of course, is 32 bit.

I'm a tad confused over whether I can use the antiX kernels and if so which one? The only antiX kernel in MX Package Installer is 4.10 32 bit no pae, but the blog link only mentions lower kernel numbering eg 4.9.75, 4.4.109 etc.
Also, for the life of me I can't remember if I have no pae or pae installed!

danielson · 14. Jan 2018, 03:21 PM

Search for it my man!
https://askubuntu.com/questions/1283...achine-has-pae

Seems like the intel version of my laptop won't get any updates.
A sign that countless "third world" computers will be at risk for ever?

One way or the other, today it's Sceptre or Meltdown, and tomorrow?

torres-no-tan-magnifico · 14. Jan 2018, 03:50 PM

It appears to be PAE.

13. Jan 2018, 01:53 PM	#53 (permalink)
torres-no-tan-magnifico Copy Editor Join Date: Sep 2009 Posts: 1,123	I recently downloaded a patch from Intel re the M & S debacle: https://downloadcenter.intel.com/dow...code-Data-File After failing to run the patch I noticed today that there was an update for the above-mentioned. I updated the microcode and rebooted my PC. For peace of mind I would like to run the Spectre & Meltdown Checker, which I have downloaded from here: https://github.com/speed47/spectre-meltdown-checker Unfortunately, my command line skills aren't great and I have failed to run the .sh script. I keep getting the 'directory not found' despite running sudo. Any Linux whizz kids out there that can solve this problem for me? __________________ (Mx16 + Cx1 + Lx2) + (Tx5 + Nx2 + Bx33)

13. Jan 2018, 08:30 PM	#55 (permalink)
torres-no-tan-magnifico Copy Editor Join Date: Sep 2009 Posts: 1,123	Many thanks danielson for your reply and link. I managed to get the checker to work, but the result wasn't very good: CPU is Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Checking count of LFENCE opcodes in kernel: NO > STATUS: VULNERABLE (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available) CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' * Mitigation 1 * Hardware (CPU microcode) support for mitigation: NO * Kernel support for IBRS: NO * IBRS enabled for Kernel space: NO * IBRS enabled for User space: NO * Mitigation 2 * Kernel compiled with retpoline option: NO * Kernel compiled with a retpoline-aware compiler: NO > STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability) CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3' * Kernel supports Page Table Isolation (PTI): NO * PTI enabled and active: NO > STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability) A false sense of security is worse than no security at all, see --disclaimer I'm surprised, as I have installed the latest microcode update and rebooted my PC. I guess I will have to wait for an update for the kernel. Once again, many thanks. A vulnerable Torres! __________________ (Mx16 + Cx1 + Lx2) + (Tx5 + Nx2 + Bx33)

14. Jan 2018, 02:16 PM	#58 (permalink)
torres-no-tan-magnifico Copy Editor Join Date: Sep 2009 Posts: 1,123	Thanks for the links: my browser is FF and everything appears ticketyboo with that. Unfortunately, the only patches for MX-16 are 64 bit versions and mine ,of course, is 32 bit. I'm a tad confused over whether I can use the antiX kernels and if so which one? The only antiX kernel in MX Package Installer is 4.10 32 bit no pae, but the blog link only mentions lower kernel numbering eg 4.9.75, 4.4.109 etc. Also, for the life of me I can't remember if I have no pae or pae installed! __________________ (Mx16 + Cx1 + Lx2) + (Tx5 + Nx2 + Bx33)

14. Jan 2018, 03:50 PM	#60 (permalink)
torres-no-tan-magnifico Copy Editor Join Date: Sep 2009 Posts: 1,123	It appears to be PAE. __________________ (Mx16 + Cx1 + Lx2) + (Tx5 + Nx2 + Bx33)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

21. Nov 2017, 02:45 PM	#51 (permalink)
danielson Senior Member Join Date: Jun 2012 Posts: 1,170	MX-17 b2 is pretty good too!

22. Dec 2017, 10:33 AM	#52 (permalink)
Panzer Editor Join Date: Jan 2012 Posts: 714	https://mxlinux.org/mx-17-released-december-15-2017

13. Jan 2018, 05:48 PM	#54 (permalink)
danielson Senior Member Join Date: Jun 2012 Posts: 1,170	Hope this tip from GHacks can be of assistance: Here is how it works: Open Terminal on the Linux system you want to check. Type cd /tmp/ Type wget https://raw.githubusercontent.com/sp...own-checker.sh. This downloads the script from the GitHub server. Type sudo sh spectre-meltdown-checker.sh. This runs the script with elevated privileges. Type the password. The script checks each variant individually and lists its finding. If you get “status: vulnerable,” the system is vulnerable to the variant. The checks for Spectre variant 2 and Meltdown reveal additional information. A system that is vulnerable needs a kernel update to protect against potential attacks exploiting these vulnerabilities. How you get the kernel update depends on the Linux distribution. You select Menu > Administration > Update Manager in Linux Mint to check for available updates. The kernel is not available yet, however. Once you run the update, rerun the script to verify that the system is no longer vulnerable. The Spectre & Meltdown Checker supports the scanning of offline kernels as well. Use the parameter −−kernel vmlinux_file for that and if available −−config kernel_config and −−map kernel_map_file as well

13. Jan 2018, 10:49 PM	#56 (permalink)
danielson Senior Member Join Date: Jun 2012 Posts: 1,170	Not good, but hey! The whole world is in this mess! You might want to read over what MX had this to say about those security issues: https://mxlinux.org/meltdown-spectre-news

13. Jan 2018, 11:07 PM	#57 (permalink)
danielson Senior Member Join Date: Jun 2012 Posts: 1,170	At least check if your browser is safe: http://xlab.tencent.com/special/spec...tre_check.html Firefox is good but Chrome based not so sure.

14. Jan 2018, 03:21 PM	#59 (permalink)
danielson Senior Member Join Date: Jun 2012 Posts: 1,170	Search for it my man! https://askubuntu.com/questions/1283...achine-has-pae Seems like the intel version of my laptop won't get any updates. A sign that countless "third world" computers will be at risk for ever? One way or the other, today it's Sceptre or Meltdown, and tomorrow?