@Rich: Remember the first instruction of The Hitchhiker’s Guide to the Galaxy - “Don’t Panic”. The command gives the same on my PC (and probably everyone else’s), so I guess it tells the PC what to do in an emergency.
Thank you, Mark. It makes me feel good to know that I am up there with the experts who don’t know either! But your guesses seem very reasonable.
The cpuinfo command does indeed provide much more info, although I’m not sure I can make use of it all.
I guess “capacity” is the thing that matters.
Although it should be mentioned that as this is a HARDWARE issue (and there’s no way software can change hardware) there is NO complete software fix for Spectre and never will be … it will ALWAYS just be ongoing mitigations against newly discovered Spectre variants, so keep on top of updates.
You are right - and my comment was tongue-in-cheek (there’s no emoticon for that).
I ran your code and, to my untutored eye, my laptop doesn’t appear to be very vulnerable.
Many thanks for referencing the code.
I’m assuming from these results that the 1st round of vulnerabilities was patched but others have been discovered later that aren’t?
I vaguely remember a test that I could perform to check if a kernel was patched so I’ll try and root it out and re-post as and when. Also, I need to perform a sweep of redundant kernels (Mint keeps all of the updates) so maybe now is a good time to install the latest (working) kernel too?
Thanks again from a (so far) non-panicking Rich…
EDIT: If I have this right - is a vulnerability exploited by a rogue script on a webpage? If so, would using an up-to-date browser (Firefox, in my case) and enabling UFW (I have) prevent any such script from deploying? Or am I way off beam here?
You’re right and wrong at the same time … most exploits would require local access, and YES some could theoretically be leveraged via a rogue website.
(and NO, UFW or an up-to-date web browser on their own would not stop a remote exploit via a website, because you’d likely give permission for it to run)
An up-to-date browser is certainly ONE of the mitigations (or put better ‘an integral PART of a mitigation strategy’) but it is NOT a fix (or protection) in its own right.
Current mitigations seem to revolve around making the clock too coarse-grained to allow for the very precise timings required by an exploit … but new ways to work around these mitigations continue to be discovered, so new road-blocks (mitigations) are put in their way … as I said, there is NO fix for this in software, only hardware. Until the hardware is fixed it’ll be a continuously running battle.
All you can do is stay on top of updates … but you should be doing that anyway, right?
I do apply regular updates but only up to level 3 lately. I stopped the automatic installation of kernels due to a spate of ‘kernel panics’ I was getting. For some reason, updating the kernel was upsetting my bootloader and I couldn’t boot into any of them for a while resulting in a re-install back to Mint 18.1. I did install the present kernel - 4.4.0-116-generic - as it was patched at the time but do accept that other patches are needed as time goes by.
I’ll try to update to the latest workable kernel but may be back regarding the ‘panics’!!
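Added example, not part of any post in this thread: patched kernels publish their own mitigation status as one file per issue under /sys/devices/system/cpu/vulnerabilities, which is one way to do the "is my kernel patched" check mentioned above. The function names and the sample status files are constructed for illustration; a kernel without that directory is reported as such rather than guessed at.

```shell
#!/bin/sh
# Summarise the kernel's own report of CPU side-channel mitigations.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status TEXT -> not-affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# report_vulns DIR -> prints "name<TAB>class<TAB>kernel text" per issue.
# Returns 0 if every entry is mitigated or not affected, 1 if any entry
# is vulnerable or unrecognised, 2 if the kernel publishes no report.
report_vulns() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "no $dir: this kernel does not publish a report" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        class=$(classify_status "$status")
        case "$class" in vulnerable|unknown) rc=1 ;; esac
        printf '%s\t%s\t%s\n' "${f##*/}" "$class" "$status"
    done
    return "$rc"
}

# Constructed sample data (not output from any machine in this thread).
make_sample_dir() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable: Minimal generic ASM retpoline" > "$d/spectre_v2"
    echo "$d"
}

# Run with "live" to read this machine, or "sample" for the constructed data.
case "${1:-}" in
    live)   report_vulns "$VULN_DIR" ;;
    sample) report_vulns "$(make_sample_dir)" ;;
esac
```

An entry that reads "Vulnerable" after a kernel update usually means the matching microcode or a newer kernel is still needed, so the exit status can be used to flag machines that need another look.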