Contenu | Rechercher | Menus

Annonce

L'équipe des administrateurs et modérateurs du forum vous invite à prendre connaissance des nouvelles règles.
En cas de besoin, vous pouvez intervenir dans cette discussion.

Si vous avez des soucis pour rester connecté, déconnectez-vous puis reconnectez-vous depuis ce lien en cochant la case
Me connecter automatiquement lors de mes prochaines visites.

À propos de l'équipe du forum.

#1 Le 15/01/2018, à 08:47

ft

Spectre/Meltdown checker

Salut,

C'est nouveau dans les dépôts Bionic :
https://launchpad.net/ubuntu/+source/sp … ker/0.29-1

Pour ceux qui ne testent pas Bionic, je suppose que le paquet doit être utilisable aussi.


Thinkpad T480s, Ubuntu Gnome 18.10

Hors ligne

#2 Le 15/01/2018, à 09:22

michel_04

Re : Spectre/Meltdown checker

Bonjour,

Sur 18.04.   --->   

~/Téléchargements/spectre-meltdown-checker-0.29$ sudo ./spectre-meltdown-checker.sh
[sudo] Mot de passe de michel : 
Spectre and Meltdown mitigation detection tool v0.29

Checking for vulnerabilities against running kernel Linux 4.13.0-25-generic #29-Ubuntu SMP Mon Jan 8 21:14:41 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

Ça fonctionne aussi sur 16.04.   --->   

~/spectre-meltdown-checker-0.29$ sudo ./spectre-meltdown-checker.sh
[sudo] Mot de passe de michel : 
Spectre and Meltdown mitigation detection tool v0.29

Checking for vulnerabilities against running kernel Linux 4.4.0-109-generic #132-Ubuntu SMP Tue Jan 9 19:52:39 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 33 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  YES 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

A+

Dernière modification par michel_04 (Le 15/01/2018, à 09:27)

Hors ligne

#3 Le 15/01/2018, à 09:24

ft

Re : Spectre/Meltdown checker

Bon alors voici le lien direct :
https://launchpad.net/ubuntu/+source/sp … -1_all.deb
(64 bits, a priori)


Thinkpad T480s, Ubuntu Gnome 18.10

Hors ligne

#4 Le 15/01/2018, à 09:28

michel_04

Re : Spectre/Meltdown checker

Re,

Très bonne initiative.

A+

Hors ligne

#5 Le 15/01/2018, à 09:30

ft

Re : Spectre/Meltdown checker

Sous Bionic (noyau 4.14 du dépôt proposed) :

moi@moi-meme:~$ sudo spectre-meltdown-checker 

Spectre and Meltdown mitigation detection tool v0.29

Checking for vulnerabilities against running kernel Linux 4.14.0-15-generic #18-Ubuntu SMP Fri Jan 5 17:39:56 UTC 2018 x86_64
CPU is Intel(R) Xeon(R) CPU E3-1535M v5 @ 2.90GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  YES 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

Dernière modification par ft (Le 15/01/2018, à 09:31)


Thinkpad T480s, Ubuntu Gnome 18.10

Hors ligne

#6 Le 15/01/2018, à 19:16

Alex10336

Re : Spectre/Meltdown checker

L'entête du script:

# Check for the latest version at:
# https://github.com/speed47/spectre-meltdown-checker
# git clone https://github.com/speed47/spectre-meltdown-checker.git
# or wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
#

C'est celui qui tourne sur le sujet qui en parle dans le bar (je ne le retrouve pas sans mail de notif big_smile )

Dernière modification par Alex10336 (Le 15/01/2018, à 19:17)


« On ne répond pas à une question par une autre question. » (moi ;-) )

Hors ligne