> Attribution is trivial and left as an exercise to the reader.
Huh? It isn't to me. Can someone clarify on this?
Also:
- To what extend is this fixed by the mitigations which the kernel provides [0] for the Intel bugs? What do I have to add to my kernel command line?
- Where did he get the binary from? VirusTotal doesn't allow arbitrary people to download binaries which someone else uploaded, does it?
[0] https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/i...
> What do I have to add to my kernel command line?
Paranoid users of Ubuntu and Debian can install this package: https://packages.debian.org/bullseye/hardening-runtime . Then reboot.
It disables SMT, so independently of mitigations you won’t be vulnerable, but of course Hyper-Threading will be gone.
Supports Fedora, Arch, Debian, and openSUSE.
Has GNOME, Firefox, kernel cmdline, sysctl, firewalld, NetworkManager, and systemd unit hardening among other things.
Goes well with firejail (am a developer of): https://github.com/netblue30/firejail