Discussione:
ma
(troppo vecchio per rispondere)
fandango
2018-02-08 07:49:58 UTC
Permalink
il kernel4.4.0-112-generic sarà immune ai 2 viruzz della cpu?
--
Linux Lite 3.8
eeeyyy
2018-02-08 08:17:45 UTC
Permalink
Post by fandango
il kernel4.4.0-112-generic sarà immune ai 2 viruzz della cpu?
--
Linux Lite 3.8
Hhhhh
--
----Android NewsGroup Reader----
http://usenet.sinaapp.com/
verde
2018-02-08 08:55:20 UTC
Permalink
Post by fandango
il kernel4.4.0-112-generic sarà immune ai 2 viruzz della cpu?
immune è una parola grossa
--
non firmaaare! cit.
pino
2018-02-08 13:48:47 UTC
Permalink
Post by fandango
il kernel4.4.0-112-generic sarà immune ai 2 viruzz della cpu?
AFAIK no, ma cmq sia NP: i comandi per verificarlo, li conosci già:

grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched :)" || echo "unpatched :("

grep cpu_insecure /proc/cpuinfo && echo "patched :)" || echo "unpatched :("

dmesg | grep "Kernel/User page tables isolation: enabled" && echo "patched :)" || echo "unpatched :("
fandango
2018-02-08 15:14:29 UTC
Permalink
Post by pino
Post by fandango
il kernel4.4.0-112-generic sarà immune ai 2 viruzz della cpu?
grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo
"patched :)" || echo "unpatched :("
grep cpu_insecure /proc/cpuinfo && echo "patched :)" || echo "unpatched :("
dmesg | grep "Kernel/User page tables isolation: enabled" && echo
"patched :)" || echo "unpatched :("
https://is.gd/vyu4IM
--
Linux Lite 3.8
fandango
2018-02-08 15:22:30 UTC
Permalink
Post by fandango
https://is.gd/vyu4IM
Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC
2018 x86_64
CPU is AMD Athlon(tm) II X4 630 Processor

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: NO
* CPU indicates IBRS capability: NO
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: NO
* CPU indicates IBPB capability: NO
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: NO
* CPU indicates STIBP capability: NO
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):
NO
* CPU microcode is known to cause stability problems: NO
* CPU vulnerability to the three speculative execution attacks variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: NO

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel has array_index_mask_nospec: NO
* Checking count of LFENCE instructions following a jump in kernel...
YES (71 jump-then-lfence instructions found, which is >= 30 (heuristic))
Post by fandango
STATUS: NOT VULNERABLE (Kernel source has PROBABLY been patched to
mitigate the vulnerability (jump-then-lfence instructions heuristic))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: YES
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
* Retpoline enabled: NO
Post by fandango
STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with
retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Running as a Xen PV DomU: NO
Post by fandango
STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as
not vulnerable)

A false sense of security is worse than no security at all, see --
disclaimer
***@fan-dango:~/Scaricati/spectre-meltdown-checker-master$
--
Linux Lite 3.8
fandango
2018-02-08 15:24:50 UTC
Permalink
A
in pratica sono un po' vulllneravvile e un po no

sarKaz
--
Linux Lite 3.8
pino
2018-02-08 15:53:11 UTC
Permalink
Post by fandango
A
in pratica sono un po' vulllneravvile e un po no
sarKaz
in pratica non basta neanche il kernel 4.15 perchè
non include tutte le patch per tutte le varianti
(come per tutti gli altri OS)
pino
2018-02-08 15:58:17 UTC
Permalink
Post by pino
Post by fandango
A
in pratica sono un po' vulllneravvile e un po no
sarKaz
in pratica non basta neanche il kernel 4.15 perchè
non include tutte le patch per tutte le varianti
(come per tutti gli altri OS)
perciò, quando maneggi dati sensibili, chiudi i browser
o meglio: stai completamente off line

e runna soltanto codice proveniente da fonti sicure
fandango
2018-02-08 18:54:12 UTC
Permalink
perciò, quando maneggi dati sensibili, chiudi i browser o meglio: stai
completamente off line
è difficile essere off line quando si fa internet banking
--
Linux Lite 3.8
pino
2018-02-08 19:10:37 UTC
Permalink
Post by fandango
perciò, quando maneggi dati sensibili, chiudi i browser o meglio: stai
completamente off line
è difficile essere off line quando si fa internet banking
meh... provaci col RasPi

Loading...