2

I did a google search for "test for meltdown and spectre" and found a really disconcerting collection of disreputable-looking links.

I did find an ubuntu page on these attacks which referred to what appears to be an authoritative page detailing these attacks with lots of information. However, there does not appear to be any trustworthy script that one can run to check for this vulnerability on one's machines.

Does anyone know of such a script?

S. Imp
  • 2,833
  • 11
  • 24
  • AFAIU the attacks are yet theoretical, with attackers needing to run continuously for a very long time and a small chance of seeing some data from other processes or the kernel (which then still needs to be something relevant like a password which is unlikely). I also searched for exploit demonstrators and found nothing. But I searched just briefly, so this is no sure statement. I would love to see such a thing, though. – Alfe Feb 08 '18 at 17:34
  • Ars Technica has [had](https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/) [some](https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/) [good](https://arstechnica.com/gadgets/2018/01/heres-how-and-why-the-spectre-and-meltdown-patches-will-hurt-performance/) [articles](https://arstechnica.com/gadgets/2018/01/good-newsbad-news-in-quest-to-get-meltdown-and-spectre-patched/) about the details. I especially wonder about virtual machines running in cloud on hypervisors. – S. Imp Feb 08 '18 at 17:42
  • This [ars technica article](https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/) says that Microsoft has a [powershell script](https://support.microsoft.com/en-hk/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in). – S. Imp Feb 13 '18 at 17:23

1 Answers1

0

The testing (now also stretch-backports) flavour of Debian's main archive provides spectre-meltdown-checker, a package containing a run-as-root shell script that performs checks that sound similar to the ones you're looking for.

Given the connection between the two distros and the package not appearing to declare specific runtime dependencies, I would expect it to be straightforward to install and run on Ubuntu.

Caveat: be sure to read the output returned by the disclaimer command line switch.