LINUX.ORG.RU
ФорумSecurity

А вы уязвимы?

 , ,


0

3

С последних громких уязвимостей спекулятивного выполнения команд прошло около года. Стало интересно, сколько процентов машин по-прежнему уязвимы?

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling


Последнее исправление: Pacmu3ka (всего исправлений: 1) 

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling
Deleted
() 
$ cd /sys/devices/system/cpu/vulnerabilities/ && grep . * && popd
l1tf:Mitigation: PTE Inversion; VMX: vulnerable
mds:Vulnerable; SMT vulnerable
meltdown:Vulnerable
spec_store_bypass:Vulnerable
spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
spectre_v2:Vulnerable, IBPB: disabled, STIBP: disabled

$ grep -o 'mi.*f' /proc/cmdline
mitigations=off
anonymous
() 
l1tf:Mitigation: PTE Inversion
mds:Mitigation: Clear CPU buffers; SMT disabled
meltdown:Mitigation: PTI
spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
Andreezy
() 
l1tf:Not affected
mds:Not affected
meltdown:Not affected
spec_store_bypass:Not affected
spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
spectre_v2:Vulnerable, STIBP: disabled
anonymous
()

А, прикинь, ещё 2 таких «уязвимости», которых не нашли просто. В каком-нить intel vt-d.

menangen ★★★★★
()
Ответ на: комментарий от anonymous

$ cd /sys/devices/system/cpu/vulnerabilities/ && grep . * && popd

Была бы у меня армия, взял бы тебя полководцем за непредсказуемость.

t184256 ★★★★★
()
Ответ на: комментарий от t184256

глупый, я же о твоих глазках забочусь, чтобы тебе проще было мои уязвимости разглядывать. а то как я это делаю, совсем не важно, хочешь — сделай по-своему.

anonymous
() 
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Not affected

один из немногих плюсов армохлама по сравнению с божественным x86

fsb4000 ★★★★★
() 
# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, STIBP: disabled, RSB filling
buka14
()

и ? 

└──╼ $grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: EPT disabled
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, STIBP: disabled, RSB filling
┌─[xy@parrot]─[~]
└──╼ $/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
bash: /sys/devices/system/cpu/vulnerabilities/l1tf:Not: No such file or directory
┌─[✗]─[xy@parrot]─[~]
└──╼ $/sys/devices/system/cpu/vulnerabilities/mds:Not affected
bash: /sys/devices/system/cpu/vulnerabilities/mds:Not: No such file or directory
┌─[✗]─[xy@parrot]─[~]
└──╼ $/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
bash: /sys/devices/system/cpu/vulnerabilities/meltdown:Not: No such file or directory
┌─[✗]─[xy@parrot]─[~]
└──╼ $/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
bash: /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation:: No such file or directory
┌─[✗]─[xy@parrot]─[~]
└──╼ $/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
bash: /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation:: No such file or directory
┌─[✗]─[xy@parrot]─[~]
└──╼ $/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
bash: /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation:: No such file or directory

ustas1
() 
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable, IBPB: disabled, STIBP: disabled

повыключал всё, кроме KPTI, т.к. включённых мой старичок Sandy i5-2540m не вывозит, греется и лагает.

SkyMaverick ★★★★★
()

grep: /sys/devices/system/cpu/vulnerabilities/*: No such file or directory

АПВС?

aol ★★★★★
()

а я отключил на некоторых машинах сие.
$ dmesg | grep boot
Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.0.0-29-generic root=UUID=0bb4f50e-ed9b-4b9e-8bfc-30771785be37 ro lapic noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable; SMT disabled
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable, STIBP: disabled

pfg ★★★★★
()
Последнее исправление: pfg (всего исправлений: 2)
Ответ на: комментарий от gremlin_the_red

а гуй где ?? без гуя жизни нету ни….
это не то чтобы не красиво, тут даже 32битного цвятного дизайнерского перелива нету, это блжад консоль с вырвицветными 16 колорами на фсЁ !! :)

pfg ★★★★★
()
Последнее исправление: pfg (всего исправлений: 1)

Нормально так товарищ майор метрик снял.

garik_keghen ★★★★★
()
Ответ на: комментарий от gremlin_the_red

красивая и подробная штука

я уж думал там web gui, чтобы и венду проверить

anonymous
()
Ответ на: комментарий от pfg

а я отключил на некоторых машинах сие.

И, естественно, безграмотно.

Для отключения хватит одного параметра mitigations=off

Deleted
() 
$ sudo spectre-meltdown-checker --batch text --paranoid
CVE-2017-5753: OK (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
CVE-2017-5715: OK (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754: OK (Mitigation: PTI)
CVE-2018-3640: OK (your CPU microcode mitigates the vulnerability)
CVE-2018-3639: OK (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615: VULN (your CPU supports SGX and the microcode is not up to date)
CVE-2018-3620: OK (Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled)
CVE-2018-3646: VULN (L1D unconditional flushing should be enabled to fully mitigate the vulnerability)
CVE-2018-12126: OK (Mitigation: Clear CPU buffers; SMT disabled)
CVE-2018-12130: OK (Mitigation: Clear CPU buffers; SMT disabled)
CVE-2018-12127: OK (Mitigation: Clear CPU buffers; SMT disabled)
CVE-2019-11091: OK (Mitigation: Clear CPU buffers; SMT disabled)
anonymous
() 
grep . /sys/devices/system/cpu/vulnerabilities/*

/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers at empted, no microcode; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointe  sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic  etpoline, STIBP: disabled, RSB filling

Только кого мне бояться если на выделенном сервере кроме меня никого нет ? Если ломанут рута через очередную уязвимость допустим exim то уже неважно есть ли эти процессорные уязвимости или нет - не так ли ?

suffix ★★
()

сколько процентов машин по-прежнему уязвимы?

да, было бы интересно, сколько мамкиных хакеров выкинули штеуд и купили рязань, потому что ОПАСНОСТЬ.

Alve ★★★★★
() 
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling
insfel
()
Ответ на: комментарий от anonymous

Ничего не понимаю, запустил, и выдает такое:


cat renew_ids.sh 
renew_id()
{
        File=$1;
        rm -f $File; 
        dbus-uuidgen --ensure=$File;
}

renew_id /etc/machine-id;
renew_id /var/lib/dbus/machine-id;

Как такое может быть? пожалуйста, объясните.

anonymous
() 
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable, STIBP: disabled
Bloody ★★
()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.
Security