spectre-meltdown-checker

2 risposte [Ultimo contenuto]
eric23
Offline
Iscritto: 06/30/2017

So I scanned my computer with spectre-meltdown-checker and it says there is one vulnerability. Is this common with other computers or just certain CPUs?

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: YES (for firmware code only)
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB is needed to mitigate the vulnerability)

jxself
Offline
Iscritto: 09/13/2010
eric23
Offline
Iscritto: 06/30/2017

What makes a program unprivileged when we install it with the package manager?

I had to install non-free software as part of my school. I had thought it was safe if I used a virtual machine, but Oliva's article is saying spectre meltdown could enable that software, even unprivileged, to look into areas I keep secret from the guest OS.

As far this is all concerned what prevents a free software pre-execution scanner that would test those unaudited code or compiled programs. We are at risk if we run javascript programs as Oliva's article suggest, as most of those programs are unaudited.