
Re: Question on CVE-2017-5754 on Debian 8.9



On Tue, Jan 23, 2018 at 05:07:15PM -0600, Nicholas Geovanis wrote:
Sorry, should have added that the string "Linux version" also does not
appear in the dmesg results
after a reboot. So despite the check script's advice, a reboot doesn't
change the results here.

Sylvestre Ledru has uploaded the script to the Debian archive (package
spectre-meltdown-checker in sid). I haven't checked but they might have
made any necessary alterations for it to perform properly on Debian
systems. It might be worth trying that version. (if any alterations are
required for proper operation on Debian and are *not* made to the
packaged version of the script, a Debian bug is appropriate)

On Tue, Jan 23, 2018 at 5:02 PM, Nicholas Geovanis
<nickgeovanis@gmail.com> wrote:
There was a newer version of the script (about 4 hours newer), but the
new version yields the same result.

So I have a Debian 8.6 machine for which this test in the script is failing:
(snip)

This test seems to be a "pre-test": it does not actually test for
whether PTI is enabled; it tests whether the kernel ring buffer has
rotated. There must be a subsequent test in the script to see whether
PTI has been enabled (that is not executed if the kernel ring buffer
has rotated).

If you can identify that subsequent test, *and* if you have your kernel
messages logged somewhere (/var/log/kern.log*, perhaps, or within
journald), then you could adapt the subsequent test to check against
those logs instead of the live ring buffer.

So my question becomes: Is it just my server, or others too? And why me?

Good question. Is this a VPS?

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.
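
The fallback suggested in this message, checking persisted kernel logs when the live ring buffer has rotated, could look like the sketch below. It is an added example, not part of the original message and not code from spectre-meltdown-checker. The PTI message strings, the function names and the sample log lines are assumptions or constructed for illustration, and "not-enabled" only means none of those strings appeared in a complete boot record.

```shell
#!/bin/sh
# Assumed PTI boot messages (not quoted in the thread): mainline and KAISER-backport wording.
PTI_RE='Kernel/User page tables isolation: enabled|Kernel page table isolation enabled|x86/pti: Unmapping kernel while in userspace'

# Succeeds if the boot banner is present on stdin, i.e. the messages start at boot.
has_banner() { grep -q 'Linux version '; }

# Keep only the most recent boot from a log that may span several boots.
last_boot() {
    awk '/Linux version /{buf=""} {buf = buf $0 "\n"} END{printf "%s", buf}'
}

# pti_status DMESG_FILE [LOG_FILE...] -> prints enabled | not-enabled | unknown
# LOG_FILEs are persisted kernel logs (e.g. /var/log/kern.log*), oldest first.
pti_status() {
    dmesg_file=$1; shift
    if has_banner < "$dmesg_file"; then
        msgs=$(cat "$dmesg_file")
    elif [ "$#" -gt 0 ] && cat "$@" | has_banner; then
        msgs=$(cat "$@" | last_boot)      # ring buffer rotated: use the logs
    else
        echo unknown; return 0            # no complete boot record anywhere
    fi
    if printf '%s\n' "$msgs" | grep -Eq "$PTI_RE"; then
        echo enabled
    else
        echo not-enabled
    fi
}

# Constructed sample: a rotated ring buffer plus a kern.log covering two boots,
# the older without PTI and the newer with it.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[90000.1] eth0: link up' > "$d/dmesg"
    printf '%s\n' \
        'Jan 20 host kernel: [0.000000] Linux version 3.16.0-old' \
        'Jan 20 host kernel: [1.000000] eth0: link up' \
        'Jan 23 host kernel: [0.000000] Linux version 3.16.0-new' \
        'Jan 23 host kernel: [0.000000] Kernel/User page tables isolation: enabled' \
        > "$d/kern.log"
    pti_status "$d/dmesg" "$d/kern.log"
    rm -rf "$d"
}
demo
```

On a real system the inputs would be a saved `dmesg` output followed by the rotated kernel logs, or a file written from `journalctl -k -b` where journald keeps the kernel messages.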

