Ubuntu – Has anyone independently vetted Speed 47’s shell script (spectre-meltdown-checker.sh) that checks for Meltdown and Spectre patches

Tags: command line, github, kernel, scripts, security

There is this code going around that checks whether your kernel has been patched for Spectre and Meltdown.
It is at:
https://github.com/speed47/spectre-meltdown-checker

Other commentators have talked about the limitations of its method, but I have not found anyone saying anything about whether it is safe to run as root.

Can somebody weigh in on the safety aspect of this script?

Does it do anything beyond checking for these vulnerabilities, such as changing system configuration or making any change that could survive a reboot?

Thank you

Best Answer

The script is actually checking the mitigations in the kernel for all three vulnerabilities. By now the LTS systems and Ubuntu 17.10 have mitigations available for the Meltdown vulnerability.

There is a C program that tests for one of the Spectre vulnerabilities. You can check whether your processor is vulnerable with:

# fetch the proof-of-concept source
wget https://gist.githubusercontent.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6/raw/41bf9bd0e7577fe3d7b822bbae1fec2e818dcdd6/spectre.c

# build it unoptimised (-O0), as the proof of concept expects
gcc spectre.c -o spectre -std=c99 -w -O0

# run it; it tries to read its own secret string via the cache side channel
./spectre

If you can see lines with:

Reading at malicious_x = 0xffffffffffdfebb8... Success: 0x54='T' score=7

Then your processor is vulnerable to the Spectre branch-prediction attack.

I have personally tested Intel Atom 1st gen, Core 2 Duo E8400 and Core 2 Duo 4300 and found them not to be vulnerable, and Core i5 3230M and AMD Turion TL-56 to be vulnerable, based on running this program.
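The answer above says the checker script reads the kernel's mitigation state. The kernel itself exports that state, world-readable and without any root requirement, under /sys/devices/system/cpu/vulnerabilities/ (present in Linux 4.15 and in the distribution kernels that backported the Meltdown/Spectre fixes), which addresses the original poster's worry about running a third-party script as root. The following is an added example, not code from the question, the answer, or the spectre-meltdown-checker project. The function `report_mitigations` and the fixture helper `make_fixture` are assumed names; the fixture's file contents are constructed sample data, not captured from a real machine, so the script runs offline and the live path is only used when no directory argument is given.

```shell
#!/bin/sh
# Added example: read the kernel's own Meltdown/Spectre status report from
# sysfs instead of running an unvetted script as root. Files under
# /sys/devices/system/cpu/vulnerabilities/ are world-readable on kernels
# that carry the mitigations (4.15+ and distro backports). The directory
# is a parameter so the parsing logic can be exercised on a constructed
# fixture; "report_mitigations" and "make_fixture" are names chosen here.

report_mitigations() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no sysfs vulnerability report (kernel too old or not patched?)"
        return 2
    fi
    _rc=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # empty directory: glob stays literal
        name=$(basename "$f")
        status=$(cat "$f")
        case "$status" in
            "Not affected"|Mitigation:*)
                echo "$name: OK ($status)" ;;
            Vulnerable*)
                echo "$name: VULNERABLE ($status)"; _rc=1 ;;
            *)
                echo "$name: UNKNOWN ($status)"; _rc=1 ;;
        esac
    done
    return $_rc
}

# Constructed fixture imitating a partially patched host (sample data, not
# from a real machine): Meltdown and Spectre v1 mitigated, Spectre v2 open.
make_fixture() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# Demonstration on the fixture; pass no argument to inspect the live system.
demo_dir=$(make_fixture)
report_mitigations "$demo_dir" || echo "exit status $?: at least one issue is unmitigated"
rm -rf "$demo_dir"
```

The exit status is 0 when every entry reports "Not affected" or a "Mitigation:", 1 when anything is still vulnerable or unrecognised, and 2 when the kernel does not export the report at all, which makes the function usable from a configuration-management check without parsing its output. Reading sysfs never writes anything, so there is nothing to survive a reboot.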