Linus tells it like it is... for my confession, I am totally 'lost' on the Spectre/Meltdown shambles
It is illegal. No doubt about it. If he isn't prosecuted it is because the system has become completely corrupted. Look at what happened to the bankers responsible for the 2007/8 financial disaster, nothing.
Yep, I completely agree. In case there will be no consequences it will show that there was something because of which this didn't happen. Laws are only for mortals.
I'm not scared. Knowing full well the Chinese would not make any computer gear handle like the forbidden city.
Back Doors. Secret Passages. Naw. Never happen.
I'll be waiting for when the forum is flooded with "Look at this! Embedded boards with Arm, Mip, etc..... are hackable remotely"
My Samsung S7 Phone ain't the most secure thing on the planet either. Linus is probably grinning internally also. While yelling his butt off.
Like many, I'm not going to upgrade my Intel cpu for the next few years :-(
Bit scared of the Intel microcode updates as Intel themselves reported unexpected reboots, etc.
Have been looking for a howto towards how to recompile/patch/mitigate the kernel against the spectre security flaws.
Is there a link and/or information available anywhere I could go through?
Thanks all.
Running the 'spectre-meltdown-checker.sh' gives:
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable: Minimal generic ASM retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
> STATUS: NOT VULNERABLE (Mitigation: PTI)
Definitely not an expert. I tend to side with Linus Torvalds, he is an expert. His non PC "the patches are COMPLETE AND UTTER GARBAGE" resonates with me. To the point, I like that. I think this Spectre/Meltdown mess is a lot of gloom and doom posturing.
There have been many gloom and doom events over the past few years, not a single one of them has affected me. So I'm not about to hit the panic button. In fact I am quite amused over the hubbub over this. I will upgrade my kernel as I always do, but I am in no rush to buy new gear. Heck, I still have a P4 machine running Windows XP. I am not losing sleep over this and I simply trust Patrick Volkerding and Linus Torvalds to do the right things. If the right things require new gear, well I guess I just live with that fact. I seriously doubt I will be affected by this latest threat anyway.
^This. I fully second this motion!! My hardware has yet to be affected by this, either. I think the tech journalists have latched on to these latest vulnerabilities and are trying to outdo each other in their posturing. As for myself, I see no need to do anything other than some software updating, sit tight, and wait this one out.
And it is fixed!!... well until the next major Intel stuff up.
Have downloaded the latest 4.15.2 kernel @ www.kernel.org
untar in /usr/src
#yes "" | make oldconfig
did not even have to browse to see if I said yes to anything not required as I was already running the 4.15 kernel
make the kernel and modules
installed them and rebooted into it
And yes after rebooting:
bash-4.4$ sh ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.31
Note that you should launch this script with root privileges to get accurate information.
We'll proceed but you might see permission denied errors.
To run it as root, you can try the following command: sudo ./spectre-meltdown-checker.sh
Checking for vulnerabilities against running kernel Linux 4.15.2-yvesjv-pc #1 SMP PREEMPT Fri Feb 9 04:49:42 ACST 2018 x86_64
CPU is Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface: YES (kernel confirms that the mitigation is active)
> STATUS: NOT VULNERABLE (Mitigation: PTI)
A false sense of security is worse than no security at all, see --disclaimer
bash-4.4$
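The "/sys interface" lines in the checker output above report strings the kernel itself publishes. As an added example (not part of the original post and not the checker's own code), this script classifies those strings directly; the function names are made up for illustration, and the sample values are the ones from the first checker run in this thread.

```shell
#!/bin/sh
# Added example, not the checker's code. Classifies the strings the kernel
# publishes under /sys/devices/system/cpu/vulnerabilities.
SYSFS_DIR=/sys/devices/system/cpu/vulnerabilities

# classify STRING -> NOT VULNERABLE | VULNERABLE | UNKNOWN
classify() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo "NOT VULNERABLE" ;;
        "Vulnerable"*)                  echo "VULNERABLE" ;;
        *)                              echo "UNKNOWN" ;;
    esac
}

# report_dir DIR -> one line per issue; returns 1 unless all three are mitigated
report_dir() {
    dir=$1
    rc=0
    for name in spectre_v1 spectre_v2 meltdown; do
        if [ -r "$dir/$name" ]; then
            value=$(cat "$dir/$name")
        else
            value="no sysfs entry (kernel lacks this interface)"
        fi
        status=$(classify "$value")
        printf '%-11s %-15s (%s)\n' "$name" "$status" "$value"
        [ "$status" = "NOT VULNERABLE" ] || rc=1
    done
    return "$rc"
}

# Constructed sample: the three strings from the first checker run in the thread.
demo() {
    d=$(mktemp -d)
    echo "Vulnerable" > "$d/spectre_v1"
    echo "Vulnerable: Minimal generic ASM retpoline" > "$d/spectre_v2"
    echo "Mitigation: PTI" > "$d/meltdown"
    if report_dir "$d"; then s=0; else s=1; fi
    rm -rf "$d"
    return "$s"
}

# Use the live interface when present, otherwise the constructed sample.
if [ -d "$SYSFS_DIR" ]; then
    report_dir "$SYSFS_DIR" || echo "at least one issue is not mitigated"
else
    demo || echo "sample data: at least one issue is not mitigated"
fi
```

A missing file is reported as UNKNOWN rather than safe, so a kernel that predates the interface does not pass silently.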
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
--------snipped all the details----------- > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
--------snipped all the details----------- > STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
--------snipped all the details----------- > STATUS: NOT VULNERABLE (Mitigation: PTI)
Do Spectre or Meltdown require physical access to a device in order to exploit it? In this case, I wouldn't worry much, as I have a vicious guard wife ...
<<snip>>