Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 23 May 2018, 05:19
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Tests to run for Spectre & Meltdown to c if ur affected
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [7 Posts]  
Author Message
belham2

Joined: 15 Aug 2016
Posts: 1517

PostPosted: Fri 12 Jan 2018, 08:21    Post subject:  Tests to run for Spectre & Meltdown to c if ur affected  

Title says it all.

Yesterday Prehistoric posted this:

http://murga-linux.com/puppy/viewtopic.php?p=979901#979901.

In that msg it has this site, for testing your machines for vulnerabilities to Spectre & Meltdown:

https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

Problem bugger all looks-wise, is those tests seem to be run on Microsoft OSes only. Or can they (since they're scripts) be run on our Linux OSes we run plus maybe our Puppies (Fatdog released a new, patched ISO, which I'm on now, along with FF57.04 (mentioned below), all on 10 yr old Athlon X2 chips, running everything in Firejail, so I am trying my best here Rolling Eyes )??

Past 72 hours I've seen across many of my Linux OSes updates flying in, "intel-mircocode-this-and-that" and kernel stuff. Browsers too: Firefox 57.04 has applied browser patch with 57.04 and onwards. Google can't/won't be able to get theirs out to 23 Jan (those lame a## lazy hillbillies, start moving your nuts). Laughing


So, overall, listen, I can't be the only one: all I wanna know----is there some kind of tests we can run? Anyone actually know? Instead of reading and looking at graphs and/or articles & guessing/surmising that our system(s) are vulnerable & cooked, and possibly never patchable, etc, etc, there's gotta be something like what prehistoric linked above, right? I mean, we are PUPPY! All the geniuses in the Linux world reside here, and us minions benefit from all of your collective mental prowess & acumen Wink Jump a step ahead and save the whole Linux world, you all can do it! Give us test scripts or whatever to run across all our Linux babies, pups and non-pups alike.



P.S. Please, for the love of crap, don't post useless drivel in this thread: What is useless drivel? I.E. like about how there's a good chance there are no spectre & meltdown stuff already out there, so settle down and drink some hot cocoa. Or, even worse, just to take care of yourself and be safe surfing (oh sweetie, just turn javascript off in any browser---well, BITE ME---no javascript makes the web non-functional for all sites---even murga, cannot post right without it) and lay off the NoScript/etc mentioning, which is and has always been a bandaid major PITA and not worth the bits space it takes up. Lightweight adblockers, especially ublock-origin, as an example, yes, useful and most of us run some form of that. It's stuff like this. Nix it in this thread. Just keep this conversation/thread specifically to tests we can definitively and/or possibly run regarding Spectre & Meltdown. Thank you.
Back to top
View user's profile Send private message 
Sailor Enceladus

Joined: 22 Feb 2016
Posts: 1484

PostPosted: Fri 12 Jan 2018, 12:15    Post subject:  

Yes, the Windows article posted by prehistoric was silly, this is a Linux forum.

This is my easy way to test Meltdown for now and I'm sticking to it Laughing
http://www.murga-linux.com/puppy/viewtopic.php?p=979144#979144
http://www.murga-linux.com/puppy/viewtopic.php?p=979906#979906
http://www.murga-linux.com/puppy/viewtopic.php?p=979684#979684

Spectre is just a distraction to get people to hate Intel less right now... imo. Smile

edit: Of course, the problem is also the computers you're connecting to, which could get compromised.
Back to top
View user's profile Send private message 
Marv


Joined: 04 May 2005
Posts: 1041
Location: SW Wisconsin

PostPosted: Fri 12 Jan 2018, 13:07    Post subject:  

I use the attached script for a quick check (It's from here: https://www.ghacks.net/2018/01/11/check-linux-for-spectre-or-meltdown-vulnerability/) As always, have a look at it before you run.
spectre-meltdown-checker.sh.gz
Description  false gz, remove to examine or run.
gz

 Download 
Filename  spectre-meltdown-checker.sh.gz 
Filesize  26.18 KB 
Downloaded  122 Time(s) 

_________________
Pups currently in kennel Very Happy LxPupSc and X-slacko-4.4 for my users; LxPupSc, LxPupSc64, and LxPupBB for me. All good pups indeed, and all running savefiles for look'n'feel only. Browsers, etc. solely from SFS. Now tazpup for puzzles Smile
Back to top
View user's profile Send private message 
Sailor Enceladus

Joined: 22 Feb 2016
Posts: 1484

PostPosted: Fri 12 Jan 2018, 16:03    Post subject:  

Just for clarification, that script only tries to check if the kernel/OS has mitigation in place against the 3 exploits (from what I can tell looking at the output), it doesn't know how to tell if your machine or CPU is actually vulnerable to them:

Quote:
The nature of the discovered vulnerabilities being quite new, the landscape of vulnerable processors can be expected to change over time, which is why this script makes the assumption that all CPUs are vulnerable, except if the manufacturer explicitly stated otherwise in a verifiable public announcement.
Back to top
View user's profile Send private message 
fabrice_035


Joined: 28 Apr 2014
Posts: 469

PostPosted: Fri 12 Jan 2018, 16:35    Post subject:  

Hi,
I try to fend for myself to recompil kernel for my Tahrpup 6.0.6 (32bits)
And the good news, after recompil linux-3.14.79 ( follow that puppylinux.org/wikka/CompilingKernel ) i found my puppy's is now more fast! Razz Cool

But... vulnerable Twisted Evil

Next time patching. Others try ?
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 12192
Location: Gatineau (Qc), Canada

PostPosted: Sat 13 Jan 2018, 00:10    Post subject:  

Thanks for the script, Marv, but I'm still not sure if this old box is vulnerable,
because of the "unknown" mention in the first part.

Quote:
[/mnt/ram1/Downloads]>./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.24

Checking for vulnerabilities against live running kernel Linux 4.1.2-EmSee-32-pae #1 SMP Wed Jul 15 12:39:34 BST 2015 i686

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: UNKNOWN (couldn't find your kernel image in /boot, if you used netboot, this is normal)
> STATUS: UNKNOWN (impossible to check )

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: NO
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): NO
* PTI enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer

A couple of grumblings:
-- the guy who wrote this has an infinite width console...
At 72-75 characters, there is supposed to be a line feed!!!

-- the light bulb over this guy's head is off: not all distros have their kernels in /boot

-- That "disclaimer" is not re-assuring... It's nowhere in sight, too.

BFN.

_________________
musher0
~~~~~~~~~~
"Logical entities must not be multiplied beyond necessity." | |
« Il ne faut pas multiplier les entités logiques sans nécessité. » (Ockham)
Back to top
View user's profile Send private message 
Marv


Joined: 04 May 2005
Posts: 1041
Location: SW Wisconsin

PostPosted: Wed 17 Jan 2018, 18:13    Post subject:  

Hi musher0,

Yea, pretty it ain't but so far I haven't found anything simpler. You can check the first part by running the checker 'offline' ie. with --kernel <path to your vmlinuz> . It needs the readelf and dependencies in the full binutils package, not eu-binutils as in some pups. The retpoline patch for the spectre 2 & 3 is supposed to show up in the 4.15 64-bit kernel and be backported to 4.14.14 and 4.9.77 IIRC. We'll see.

All in all, it's ALL a pretty big mess!

Edit/update on Jan 28 2018: The newer kernels, certainly any that have kpti support, report their mitigation status in the sysFS. A very simple script I use to quickly read that info out is attached. Not the only way to do it but it works for me.
VulnChecker.gz
Description  False gz. Remove gz and make it executable to run.
gz

 Download 
Filename  VulnChecker.gz 
Filesize  246 Bytes 
Downloaded  40 Time(s) 

_________________
Pups currently in kennel Very Happy LxPupSc and X-slacko-4.4 for my users; LxPupSc, LxPupSc64, and LxPupBB for me. All good pups indeed, and all running savefiles for look'n'feel only. Browsers, etc. solely from SFS. Now tazpup for puzzles Smile
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [7 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0457s ][ Queries: 15 (0.0085s) ][ GZIP on ]