speed47 / spectre-meltdown-checker

Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD

Accuracy of results, on MacOS 11.x/ARM64? #398

Closed vmlemon closed 3 years ago

vmlemon commented 3 years ago

Thanks for the script, although it seems that MacOS 11.x now lacks some tools (or, more likely, the script doesn't detect the new architecture/OS pair), so certain commands fail:

```
tyson@Tysons-Air spectre-meltdown-checker % sudo ./spectre-meltdown-checker.sh 
Password:
Spectre and Meltdown mitigation detection tool v0.44-7-g3a486e9

cut: illegal option -- w
usage: cut -b list [-n] [file ...]
       cut -c list [file ...]
       cut -f list [-s] [-d delim] [file ...]
cut: illegal option -- w
usage: cut -b list [-n] [file ...]
       cut -c list [file ...]
       cut -f list [-s] [-d delim] [file ...]
cut: illegal option -- w
usage: cut -b list [-n] [file ...]
       cut -c list [file ...]
       cut -f list [-s] [-d delim] [file ...]
cut: illegal option -- w
usage: cut -b list [-n] [file ...]
       cut -c list [file ...]
       cut -f list [-s] [-d delim] [file ...]
./spectre-meltdown-checker.sh: line 1446: kldstat: command not found
./spectre-meltdown-checker.sh: line 1446: kldstat: command not found
cat: /proc/cmdline: No such file or directory
Checking for vulnerabilities on current system
Kernel is Darwin 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:06:51 PST 2021; root:xnu-7195.81.3~1/RELEASE_ARM64_T8101 arm64
CPU is MacBookAir10,1

Hardware check
* CPU vulnerability to the speculative execution attack variants
  * Affected by CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES 
  * Affected by CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES 
  * Affected by CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  YES 
  * Affected by CVE-2018-3640 (Variant 3a, rogue system register read):  YES 
  * Affected by CVE-2018-3639 (Variant 4, speculative store bypass):  YES 
  * Affected by CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  YES 
  * Affected by CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  YES 
  * Affected by CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  YES 
  * Affected by CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  YES 
  * Affected by CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  YES 
  * Affected by CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  YES 
  * Affected by CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  YES 
  * Affected by CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)):  NO 
  * Affected by CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)):  NO 
  * Affected by CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)):  NO 

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
Unsupported OS (Darwin)

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
Unsupported OS (Darwin)

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
Unsupported OS (Darwin)

CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  NO 
> STATUS:  VULNERABLE  (an up-to-date CPU microcode is needed to mitigate this vulnerability)

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
Unsupported OS (Darwin)

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  N/A 
> STATUS:  VULNERABLE  (your CPU supports SGX and the microcode is not up to date)

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
Unsupported OS (Darwin)

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
Unsupported OS (Darwin)

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
Unsupported OS (Darwin)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
Unsupported OS (Darwin)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
Unsupported OS (Darwin)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
Unsupported OS (Darwin)

CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
Unsupported OS (Darwin)

CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
Unsupported OS (Darwin)

CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
Unsupported OS (Darwin)

> SUMMARY: CVE-2018-3640:KO CVE-2018-3615:KO

We're missing some kernel info (see -v), accuracy might be reduced
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
```

In keeping with your maxim, at the end, I kinda wonder if this is affecting the outcome of the checks, in either a negative, or positive way? (To my knowledge, no-one has publicly tested these new machines, for these vulnerabilities, and the https://leaky.page test doesn't seem to function, in Safari).

hideout commented 3 years ago

thanks nice feedback

szepeviktor commented 3 years ago

Thank you. Could you please use backticks: ```

vmlemon commented 3 years ago

Sorry about that, it was a typo, on my part. Fixed.

speed47 commented 3 years ago

MacOS is not supported, as per the readme:

Supported operating systems:
    Linux (all versions, flavors and distros)
    BSD (FreeBSD, NetBSD, DragonFlyBSD)

The reason for this being that what the script does is looking deep inside the (Linux or BSD) kernel. So, supporting MacOS would need to be familiar with the MacOS kernel and reimplement every check with respect to this. I'll add a check at the beginning of the script so that it exits if MacOS is detected, so that it doesn't leave the impression that it might work.

I'll also add more information in the README as to why this is the case.
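
One way to write the kind of guard described in the comment above, as an added example that is not the project's own code: it maps the `uname -s` value onto the README's supported list and refuses to continue on anything else, then probes for the helpers whose absence produced the errors in the run earlier in this thread. The function names and the per-family prerequisite lists are assumptions.

```shell
#!/bin/sh
# Added example (not spectre-meltdown-checker code): fail closed before any
# check runs, instead of printing verdicts from half-working probes.

# Map `uname -s` output to a supported family, per the README list quoted above.
classify_os() {
    case "$1" in
        Linux) echo linux ;;
        FreeBSD|NetBSD|DragonFly) echo bsd ;;
        *) echo unsupported ;;
    esac
}

# Print every command from the argument list that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Does this cut accept -w (whitespace delimiter)? The macOS cut in the run
# above rejects it with "illegal option -- w".
cut_supports_w() {
    [ "$(printf 'a b\n' | cut -w -f2 2>/dev/null)" = "b" ]
}

# preflight KERNEL_NAME: return 0 only when the platform is a supported one
# and its helpers exist. Prerequisite lists are assumptions drawn from the
# error messages in the run above, not the script's real dependency list.
preflight() {
    missing=""
    case "$(classify_os "$1")" in
        unsupported)
            echo "unsupported OS ($1): refusing to print mitigation verdicts" >&2
            return 2 ;;
        bsd)
            missing=$(missing_tools cut kldstat)
            cut_supports_w || missing="$missing cut-w" ;;
        linux)
            missing=$(missing_tools cut)
            [ -r /proc/cmdline ] || missing="$missing /proc/cmdline" ;;
    esac
    [ -z "$missing" ] && return 0
    echo "missing prerequisites:" $missing >&2
    return 3
}

# Typical use at the top of a checker script:
#   preflight "$(uname -s)" || exit $?
```

Passing the kernel name as an argument keeps the guard testable on a machine other than the one being classified.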

hideout commented 3 years ago

hey Stephane

thanks for your feedback and for extending the README

and i really enjoy this Spectre & Meltdown Checker for my security work on diff. servers

take care

greets from berlin germany


speed47 commented 3 years ago

> I'll also add more information in the README as to why this is the case.

Done. I also added an FAQ with more details about this. The script has also been modified to exit when it detects MacOS, instead of trying (and failing) to do anything useful.

speed47 commented 3 years ago

> hey Stephane thanks for your feedback and for extended the README and i really enjoy this Spectre & Meltdown Checker for my security work on diff. servers take care greets from berlin germany

Thanks for the feedback! It's always good to know that the script is useful to people, and I'm glad this is the case!

speed47 commented 3 years ago

Closing as the matter is now fixed, please reopen if needed. Thanks!