Yadda ake Dubawa da Patch Meltdown CPU Rauni a cikin Linux


Meltdown shine rashin lafiyar matakin matakin guntu wanda ke karya mafi mahimmancin keɓance tsakanin shirye-shiryen mai amfani da tsarin aiki. Yana ba da damar shirin shiga kernel na tsarin aiki da sauran wuraren ƙwaƙwalwar ajiyar sirri na shirye-shirye, kuma yana yiwuwa ya saci bayanai masu mahimmanci, kamar kalmomin shiga, maɓallan crypto-da sauran sirri.

Specter wani lahani ne na tsaro na matakin guntu wanda ke karya keɓance tsakanin shirye-shirye daban-daban. Yana baiwa dan damfara damar yaudarar shirye-shiryen da ba su da kurakurai a cikin fitar da mahimman bayanansu.

Waɗannan kurakuran suna shafar na'urorin hannu, kwamfutoci na sirri da tsarin girgije; dangane da abubuwan samar da girgije, yana iya yiwuwa a sami damar/sata bayanai daga wasu abokan ciniki.

Mun ci karo da rubutun harsashi mai fa'ida wanda ke bincika tsarin Linux ɗin ku don tabbatar da ko kernel ɗinku yana da sanannen matakan ragewa a wurin harin Meltdown da Specter.

spectre-meltdown-checker shine rubutun harsashi mai sauƙi don bincika idan tsarin Linux ɗinku yana da rauni a kan 3 kisan kisa CVEs (Nau'i na gama gari da Bayyanawa) waɗanda aka bayyana a bainar jama'a farkon wannan shekara. Da zarar kun gudanar da shi, zai bincika kernel ɗin ku a halin yanzu.

Zabi, idan kun shigar da kernels da yawa kuma kuna son bincika kernel ɗin da ba ku aiki ba, zaku iya saka hoton kwaya akan layin umarni.

Zai yi ƙoƙari sosai don gano raguwa, gami da facin da ba na vanilla ba, ba tare da la'akari da lambar sigar kernel da aka tallata akan tsarin ba. Lura cewa yakamata ku ƙaddamar da wannan rubutun tare da tushen gata don samun ingantaccen bayani, ta amfani da umarnin sudo.

$ git clone https://github.com/speed47/spectre-meltdown-checker.git 
$ cd spectre-meltdown-checker/
$ sudo ./spectre-meltdown-checker.sh

Daga sakamakon binciken da ke sama, kwayar gwajin mu tana da rauni ga 3 CVEs. Bugu da kari, ga wasu mahimman abubuwan lura game da waɗannan kurakuran processor:

    Idan tsarin ku yana da na'ura mai sauƙi kuma yana gudanar da kernel wanda ba a buɗe ba, ba shi da aminci a yi aiki tare da bayanai masu mahimmanci ba tare da damar leken asirin bayanan ba.
  • Abin farin ciki, akwai facin software akan Meltdown da Specter, tare da bayar da cikakkun bayanai a cikin gidan bincike na Meltdown da Specter.

An sake tsara sabbin kernels na Linux don ɓata waɗannan kwaro na tsaro. Don haka sabunta sigar kernel ku da sake yi uwar garken don amfani da sabuntawa kamar yadda aka nuna.

$ sudo yum update      [On CentOS/RHEL]
$ sudo dnf update      [On Fedora]
$ sudo apt-get update  [On Debian/Ubuntu]
# pacman -Syu          [On Arch Linux]

Bayan sake kunnawa tabbatar da sake dubawa tare da rubutun spectre-meltdown-checker.sh.

Kuna iya nemo taƙaice na CVEs daga ma'ajin Github mai duba-meltdown-checker.