#53 (permalink) |
Copy Editor
Join Date: Sep 2009
Posts: 1,123
I recently downloaded a patch from Intel re the M & S debacle: https://downloadcenter.intel.com/dow...code-Data-File
After failing to run the patch I noticed today that there was an update for the above-mentioned. I updated the microcode and rebooted my PC. For peace of mind I would like to run the Spectre & Meltdown Checker, which I have downloaded from here: https://github.com/speed47/spectre-meltdown-checker Unfortunately, my command line skills aren't great and I have failed to run the .sh script. I keep getting the 'directory not found' despite running sudo. Any Linux whizz kids out there that can solve this problem for me?
__________________
(Mx16 + Cx1 + Lx2) + (Tx5 + Nx2 + Bx33) |
#54 (permalink) |
Senior Member
Join Date: Jun 2012
Posts: 1,170
Hope this tip from GHacks can be of assistance:
Here is how it works:

1. Open Terminal on the Linux system you want to check.
2. Type cd /tmp/
3. Type wget https://raw.githubusercontent.com/sp...own-checker.sh. This downloads the script from the GitHub server.
4. Type sudo sh spectre-meltdown-checker.sh. This runs the script with elevated privileges.
5. Type the password.

The script checks each variant individually and lists its finding. If you get “status: vulnerable,” the system is vulnerable to the variant. The checks for Spectre variant 2 and Meltdown reveal additional information.

A system that is vulnerable needs a kernel update to protect against potential attacks exploiting these vulnerabilities. How you get the kernel update depends on the Linux distribution. You select Menu > Administration > Update Manager in Linux Mint to check for available updates. The kernel is not available yet, however. Once you run the update, rerun the script to verify that the system is no longer vulnerable.

The Spectre & Meltdown Checker supports the scanning of offline kernels as well. Use the parameter --kernel vmlinux_file for that and if available --config kernel_config and --map kernel_map_file as well.
#55 (permalink) |
Copy Editor
Join Date: Sep 2009
Posts: 1,123
Many thanks danielson for your reply and link. I managed to get the checker to work, but the result wasn't very good:
```
CPU is Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): NO
* PTI enabled and active: NO
> STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer
```

I'm surprised, as I have installed the latest microcode update and rebooted my PC. I guess I will have to wait for an update for the kernel. Once again, many thanks. A vulnerable Torres!
__________________
(Mx16 + Cx1 + Lx2) + (Tx5 + Nx2 + Bx33) |
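The report in post #55 ends each variant section with a `> STATUS:` line, so it can be reduced to one verdict per CVE and compared before and after a kernel or microcode update. The script below is an added example, not part of any post in this thread or of the checker project; the function names are hypothetical and the sample report is constructed from the output pasted above.

```shell
#!/bin/sh
# Added example: reduce spectre-meltdown-checker text output to one
# "CVE<TAB>STATUS" line per variant. Function names are hypothetical.

summarize_checker() {
    esc=$(printf '\033')
    # Drop ANSI colour codes, which the script may emit on a terminal.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
        /^CVE-[0-9]+-[0-9]+/ { cve = $1 }      # a variant section starts
        /^> STATUS:/ && cve != "" {             # verdict that closes it
            status = $3
            if ($3 == "NOT") status = $3 " " $4 # "NOT VULNERABLE"
            print cve "\t" status
            cve = ""
        }'
}

# Number of variants whose verdict is exactly VULNERABLE.
vulnerable_count() {
    summarize_checker | awk -F '\t' '$2 == "VULNERABLE" { n++ } END { print n + 0 }'
}

# Constructed sample: verdict lines copied from the report in post #55,
# detail lines trimmed.
sample_report() {
    cat <<'EOF'
CPU is Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: NO
> STATUS: VULNERABLE (only 23 opcodes found, should be >= 70, heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* PTI enabled and active: NO
> STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)
EOF
}

sample_report | summarize_checker
echo "vulnerable variants: $(sample_report | vulnerable_count)"
```

To use it on a live system, pipe the checker's own output into `summarize_checker`. The parsing assumes the report layout shown in post #55; other versions of the script may format their verdicts differently.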
#56 (permalink) |
Senior Member
Join Date: Jun 2012
Posts: 1,170
Not good, but hey! The whole world is in this mess!
You might want to read over what MX had to say about those security issues: https://mxlinux.org/meltdown-spectre-news
#57 (permalink) |
Senior Member
Join Date: Jun 2012
Posts: 1,170
At least check if your browser is safe:
http://xlab.tencent.com/special/spec...tre_check.html

Firefox is good but Chrome based not so sure.
#58 (permalink) |
Copy Editor
Join Date: Sep 2009
Posts: 1,123
Thanks for the links: my browser is FF and everything appears ticketyboo with that. Unfortunately, the only patches for MX-16 are 64 bit versions and mine, of course, is 32 bit.

I'm a tad confused over whether I can use the antiX kernels and if so which one? The only antiX kernel in MX Package Installer is 4.10 32 bit no pae, but the blog link only mentions lower kernel numbering e.g. 4.9.75, 4.4.109 etc. Also, for the life of me I can't remember if I have no pae or pae installed!
__________________
(Mx16 + Cx1 + Lx2) + (Tx5 + Nx2 + Bx33) |
#59 (permalink) |
Senior Member
Join Date: Jun 2012
Posts: 1,170
Search for it my man!
https://askubuntu.com/questions/1283...achine-has-pae

Seems like the Intel version of my laptop won't get any updates. A sign that countless "third world" computers will be at risk for ever? One way or the other, today it's Sceptre or Meltdown, and tomorrow?