Check whether you are affected by Meltdown and Spectre and protect yourself!!!


Meltdown and Spectre are the topic of the last few days; practically nothing else is being talked about, and no wonder, because they are among the most significant vulnerabilities in history. They seriously affect the security of our systems, and if the system belongs to a company or holds sensitive data, the problem is even more serious. However, it is often assumed that only desktops, laptops, servers and supercomputers are affected, but the damage goes further and affects many other devices, such as those based on ARM cores, which includes tablets, smartphones, some IoT devices, industrial equipment, home automation, and even connected cars.

As you well know, this is in no way specific to Linux; it affects various operating systems. Microsoft Windows and macOS are affected too, not to mention iOS and Android. So few escape these threats, although it is true that some CPU architectures have been spared, and that if we have an AMD chip the chances of exploiting these vulnerabilities are probably lower, but that does not mean there is no risk.

What is the current situation for Linux?


Linux basically runs the world. Although many believe it is a rarely used system, the opposite is true. It may have fallen short on the desktop, which is precisely the only sector where it is a minority compared with the almighty Windows and with the good share that the Mac has. On servers, supercomputers and so on, Linux is dominant, and Internet servers are exactly where it is vital; without it, one could say the Internet would go down ...

That is why Linux reacted before any other system to fix the problems that Meltdown and Spectre could leave behind. Linus Torvalds has already spoken about the matter in harsh words aimed at Intel, and if you look at the LKML you will see that it is a matter of concern and the order of the day. His right-hand man and number two in Linux kernel development, Greg Kroah-Hartman, has done so too. For more information you can consult his personal blog, where you will find plenty of detail.

  • Meltdown: Basically, Greg said that Meltdown can be dealt with on x86 by choosing to include CONFIG_PAGE_TABLE_ISOLATION, page table isolation (PTI), which computers with AMD processors, which are not affected by it, should avoid in order to avoid performance problems. You may already know that some computers with an AMD chip stopped booting because the Windows patch caused serious problems. PTI will be included in Linux 4.15 soon, but because of its importance for security it will also be included in earlier versions such as the LTS 4.14, 4.9 and 4.4 ... and probably over time the patch will be incorporated into many other versions, but patience is needed because it means a heavy workload for the developers. They are also running into patch-related problems such as vDSO on some virtual machine setups. As for ARM64, which is slightly affected by Meltdown, a problem that mainly concerns Intel, the chips of many mobile devices and other devices also need a patch, although it seems it will not be merged into the main kernel tree in the short term (perhaps in Linux 4.16, although Greg has commented that they might never arrive because of the number of prerequisites the patches need in order to be approved), and it is therefore recommended to use specific kernels, namely the Android Common Kernel in its 3.18, 4.4 and 4.9 branches.
  • Spectre: the other problem affects more architectures and is more complicated to deal with. It seems we will not have a good solution in the short term and will have to live with this problem for a while. In its two variants it requires the system to be patched, and some development communities of certain distros have already begun releasing patches to mitigate it, but the solutions provided vary, and for the moment they will not be integrated into the main branch of the kernel until the best solution emerges, ahead of the CPU designers coming up with the best solution (redesigning their chips). The solutions have been studied and they are finding some problems along the way, such as the great lack of knowledge about Spectre. The developers need some time to work out how to deal with the problem, and Greg himself has commented that "This is going to be an area of research in the coming years to find ways to mitigate the potential problems involving hardware, which will also try to predict them in the future before they happen."
  • Chromebooks: If you have a Google laptop, you will be glad to know that you can see the status of the work they are doing to fix Meltdown in this list.

How can I easily check whether I am affected?


To avoid going around checking tables or lists of microprocessors, here we recommend a script that has been created to check easily whether we are affected or not. We simply have to download and run it, and it will tell us whether we are at risk from Spectre and Meltdown. The instructions or steps to follow are simple:

git clone https://github.com/speed47/spectre-meltdown-checker.git

cd spectre-meltdown-checker/

sudo sh spectre-meltdown-checker.sh

After doing this, a red box will appear to indicate if we are vulnerable to Meltdown or Spectre, or a green indicator if we are safe from the variants of these vulnerabilities. In my case, for example, having an AMD APU (without even having updated the system), the result was:

NOT VULNERABLE

If the result was a red VULNERABLE, read the following section ...

What should I do if I am affected?


The best solution, as some say, is to switch to a CPU or microprocessor that is not affected by the problem. But that is not feasible for many users for lack of budget or other reasons. Moreover, manufacturers such as Intel continue to sell affected microprocessors, including ones launched recently such as Coffee Lake, because microarchitectures usually have long development times, and they are now working on the design of future microarchitectures that will appear on the market in the coming years; but all the chips being sold now, and those that will probably be marketed in the coming months, will remain affected at the hardware level.

Therefore, if we suffer from this ailment and want to "fix" it, we have no choice but to patch our operating system (don't forget browsers, etc.), whatever it may be, and also update all the software we have. If having the update system well configured was already very important, now more than ever you must keep up with updates, because with them will come the patches that solve the Meltdown and Spectre problem from the software side, not without a loss of performance, as we have already said ...

The solution is not complicated for the user; we do not have to do anything "special", just make sure that the developer of our distribution has released the update for Meltdown and Spectre and that we have installed it. More information about it.

If you want, you can check whether the patch for Meltdown has been installed (if needed) on your distro with this command:

 dmesg | grep "Kernel/User page tables isolation: enabled" && echo "Tienes el parche! :)" || echo "Ooops...no tienes la actualización instalada en tu kernel! :(" 
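
The dmesg check can miss an active patch once the boot message has rotated out of the kernel ring buffer. The script below is an added example, not part of the original article or of spectre-meltdown-checker; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities/meltdown or a pti/kaiser flag in /proc/cpuinfo, and its ROOT argument is a hypothetical parameter that lets it run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: report the Meltdown (CVE-2017-5754) mitigation state
# without depending on dmesg.
# Usage: meltdown_status [ROOT]
# Prints one of: mitigated, not-affected, vulnerable, unknown.
# ROOT is an assumption of this example (default "/").
meltdown_status() {
    root="${1:-/}"
    vuln="${root%/}/sys/devices/system/cpu/vulnerabilities/meltdown"
    cpuinfo="${root%/}/proc/cpuinfo"

    # 1. Kernels with the sysfs vulnerabilities interface state the result.
    if [ -r "$vuln" ]; then
        case "$(cat "$vuln")" in
            "Not affected"*) echo not-affected ;;
            "Mitigation:"*)  echo mitigated ;;
            "Vulnerable"*)   echo vulnerable ;;
            *)               echo unknown ;;
        esac
        return 0
    fi

    # 2. Patched kernels without that interface: PTI shows up as the
    #    "pti" CPU flag, or "kaiser" on some stable backports.
    if [ -r "$cpuinfo" ] &&
       grep '^flags' "$cpuinfo" | grep -Eqw 'pti|kaiser'; then
        echo mitigated
        return 0
    fi

    # 3. No evidence either way: the kernel may be unpatched, or the CPU
    #    may not need PTI at all (the AMD case described in the article).
    echo unknown
}

meltdown_status "$@"
```

A result of unknown on an Intel machine is a reason to check the distribution's kernel update, not a sign of safety.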

*Beware of the Ubuntu kernel 4.4.0-108-generic. Some users have reported problems on their computers when booting after the update and had to go back to a previous version. Canonical seems to have fixed it in 4.4.0-109-generic ...

Loss of performance: there was talk of 30% in some cases, but it depends on the microarchitecture. On older architectures the loss of performance can be very severe, because the performance gains these architectures have come mainly from the improvements provided by OoOE execution and the TLB ... On more modern architectures, figures between 2% and 6% are mentioned, depending on the type of software run, for home users; in data centers the losses are probably much higher (above 20%). As Intel itself has acknowledged, after playing down what was coming, on processors prior to Haswell (2015) the drop in performance will be much worse than that 6%, even for ordinary users ...

Don't forget to leave your comments with your doubts or suggestions ...



10 comments

  1.   Shalem Dior Juz said

    Very good post, thank you very much and congratulations. Also with an AMD APU, I ran the script and everything was fine. You win some, you lose some: and to think that when I got this machine it was because of an excellent promotion that came up years ago in a chain store, and as time went by I cursed my fate given the hell of living with the AMD drivers for GNU/Linux (in the end, I chose to go with the free drivers and I am happy; it works better than Windows 10). I have friends who are seriously affected by the problem and their machines really do go back to the Pentium 4 era, having i3 and i5 processors.

  2.   lupe said

    Specter uye Meltdown kudzora kudzora chishandiso v0.28

    Kutarisa kusagadzikana pakumhanya kernel Linux 4.14.12-1-MANJARO # 1 SMP KUFUNGWA Sat Jan 6 21:03:39 UTC 2018 x86_64
    CPU iri Intel (R) Core (TM) i5-2435M CPU @ 2.40GHz

    CVE-2017-5753 [kumiganhu cheka kupfuura] aka 'Specter Variant 1'
    * Kuongorora kuverenga kweLFENCE opcode mukernel: HERE
    > STATUS: VULENERABLE (makumi maviri nemaviri opcodes akawanikwa, anofanira kunge ari = = 21, heuristic kuti ivandudzwe kana mabara ehurumende ave kuwanikwa)

    CVE-2017-5715 [davi rinotarisirwa jekiseni] aka 'Specter Variant 2'
    * Kudzikisira 1
    * Hardware (CPU microcode) inotsigira kudzikisira: HAPANA
    * Kernel inotsigira IBRS: HAPANA
    * IBRS inogoneswa yeKernel nzvimbo: HAPANA
    * IBRS inogoneswa yeMushandisi nzvimbo: HAPANA
    * Kudzikisira 2
    * Kernel yakarongedzwa ne retpoline sarudzo: HERE
    * Kernel yakarongedzwa neetpoline-inoziva compiler: HERE
    > STATUS: VULNERABLE (IBRS Hardware + kernel tsigiro KANA kernel ine retpoline inodiwa kudzikisira kusagadzikana)

    CVE-2017-5754 [rogue data cache mutoro] aka 'Meltdown' aka 'Variant 3'
    * Kernel inotsigira Peji Tafura Isolate (PTI): EHE
    * PTI inogoneswa uye inoshanda: EHE
    > STATUS: HAZVIKONZESWE (PTI inoderedza kusagadzikana)

    Kufunga kwekunyepa kwekuchengeteka kwakaipisisa kupfuura kusava nekuchengetedzeka zvachose, maona- chiziviso

    In this section it says yes for me, and in the image you say no.
    * PTI inogoneswa uye inoshanda: EHE
    What do I do?

    1.    Isaac said

      Hello,

      I don't use Manjaro, but I assume they will be working on an update. So keep your system as up to date as possible. The latest kernel versions also implement solutions if you want to install them ...

      Regards and thanks for reading!

  3.   Daniel said

    In Ubuntu they fixed the Meltdown problem with the kernel update, 4.13.0.
    I use Peppermint 8 and running the Meltdown vulnerability test no longer reports me as vulnerable.
    Thanks.

  4.   Kuende (KUE) said

    Specter uye Meltdown kudzora kudzora chishandiso v0.28

    Kutarisa kusagadzikana pakumhanya kernel Linux 4.14.13-041413-generic # 201801101001 SMP Wed Jan 10 10:02:53 UTC 2018 x86_64
    CPU ndeye AMD A6-7400K Radeon R5, 6 Compute Cores 2C + 4G

    CVE-2017-5753 [kumiganhu cheka kupfuura] aka 'Specter Variant 1'
    * Kuongorora kuverenga kweLFENCE opcode mukernel: HERE
    > STATUS: VULENERABLE (makumi maviri nemaviri opcodes akawanikwa, anofanira kunge ari = = 29, heuristic kuti ivandudzwe kana mabara ehurumende ave kuwanikwa)

    CVE-2017-5715 [davi rinotarisirwa jekiseni] aka 'Specter Variant 2'
    * Kudzikisira 1
    * Hardware (CPU microcode) inotsigira kudzikisira: HAPANA
    * Kernel inotsigira IBRS: HAPANA
    * IBRS inogoneswa yeKernel nzvimbo: HAPANA
    * IBRS inogoneswa yeMushandisi nzvimbo: HAPANA
    * Kudzikisira 2
    * Kernel yakarongedzwa ne retpoline sarudzo: HERE
    * Kernel yakarongedzwa neetpoline-inoziva compiler: HERE
    > STATUS: HAZVIKONZESWE (wako CPU mutengesi akataura nezve yako CPU modhi seasina njodzi)

    CVE-2017-5754 [rogue data cache mutoro] aka 'Meltdown' aka 'Variant 3'
    * Kernel inotsigira Peji Tafura Isolate (PTI): EHE
    * PTI inogoneswa uye inoshanda: HAPANA
    > STATUS: HAZVIKONZESWE (wako CPU mutengesi akataura nezve yako CPU modhi seasina njodzi)

    Kufunga kwekunyepa kwekuchengeteka kwakaipisisa kupfuura kusava nekuchengetedzeka zvachose, maona- chiziviso

    Isn't it fixed by having the latest kernel?


  5.   lol said

    Is there a way to measure how performance affects us before and after applying the patch???
