What does HackerNews think of spectre-meltdown-checker?
Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD
Language: Shell
#111 in Linux
The well-known spectre-meltdown check says that my Q9650 is not vulnerable to Meltdown or Spectre 1-3.
It is vulnerable to variant 3a, 4, Fallout, Zombieload, and both RIDLs.
OpenBSD will disable all but the first thread on any Intel processor by default. I'm assuming that an Intel i5-3320M (2 cores 4 threads) is too old to have microcode updates addressing the Spectre exploits (Meltdown, Foreshadow, Fallout, Zombieload, RIDL etc.), and disabling SMT/HT might be the most secure thing to do by default.
This script produces a good assessment of Spectre problems for a wide variety of CPUs. I know that they are difficult to exploit, and the mitigations are disabled by many because of their performance impact.
> - To what extent is this fixed by the mitigations which the kernel provides [0] for the Intel bugs? What do I have to add to my kernel command line?
You can test your (linux/bsd) system with the following:
https://github.com/speed47/spectre-meltdown-checker
A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public since 2018.
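As a complement to the checker, and as an added example that is not part of any comment here nor code from the spectre-meltdown-checker project: a Linux kernel reports its own per-issue verdict under `/sys/devices/system/cpu/vulnerabilities`, and the sketch below classifies those lines, separating entries that are mitigated but still flagged "SMT vulnerable". The function names, the class labels and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the kernel's own verdicts from sysfs.
# Each file holds one line starting "Not affected", "Vulnerable" or "Mitigation: ...".
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status LINE -> OK | VULNERABLE | MITIGATED_SMT | MITIGATED | UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*)                 echo OK ;;
        "Vulnerable"*)                   echo VULNERABLE ;;
        # Mitigated in software, but the kernel notes sibling threads are still exposed.
        "Mitigation:"*"SMT vulnerable"*) echo MITIGATED_SMT ;;
        "Mitigation:"*)                  echo MITIGATED ;;
        *)                               echo UNKNOWN ;;
    esac
}

# report_vulns [DIR] -> one "name<TAB>class<TAB>raw line" row per file in DIR
report_vulns() {
    dir=${1:-$VULN_DIR}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        line=$(head -n 1 "$f" 2>/dev/null) || line=
        printf '%s\t%s\t%s\n' "${f##*/}" "$(classify_status "$line")" "$line"
    done
}

# count_class CLASS [DIR] -> number of entries classified as CLASS
count_class() {
    report_vulns "$2" | awk -F '\t' -v c="$1" '$2 == c { n++ } END { print n + 0 }'
}

# make_sample_dir -> path of a temp dir holding constructed sample status files
make_sample_dir() {
    d=$(mktemp -d) || return 1
    echo 'Mitigation: PTI'                               > "$d/meltdown"
    echo 'Mitigation: Clear CPU buffers; SMT vulnerable' > "$d/mds"
    echo 'Vulnerable'                                    > "$d/spec_store_bypass"
    echo 'Not affected'                                  > "$d/spectre_v1"
    echo "$d"
}

# Demo on the constructed sample; call report_vulns with no argument on a real host.
sample=$(make_sample_dir) && report_vulns "$sample" && rm -rf "$sample"
```

The sysfs lines reflect only what the running kernel knows about itself; the checker script additionally inspects microcode and kernel images, so the two outputs are worth comparing rather than treating either as complete.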
I find it exceptionally difficult to write anything but trivial shell scripts without bugs. This one took years, and I suspect #bash could still find a bug: https://github.com/jakeogh/commandlock
On the other hand, this is amazing: https://github.com/speed47/spectre-meltdown-checker
Is https://github.com/speed47/spectre-meltdown-checker the best tool? Impressive chunk of sh.