spectre-meltdown-checker

Suggestion: make it overly obvious that it only checks for *kernel* vulnerabilities

Open bnjbvr opened this issue 7 years ago • 1 comments

Hi there! Good job on making this tool, I found it quite useful :+1: Since the Spectre variants 1 and 2 may also be vulnerable in browsers (disclaimer, I work on SpiderMonkey, the JavaScript engine within Firefox), and other software more generally, how would you feel about making it very obvious that the checks this tool runs only verify that the kernel is protected? Otherwise, it might provide a false sense of security to people who don't know the attacks in depth, letting them think that their whole system is protected, while other pieces of software may need to be updated and mitigated as well. Thanks!

bnjbvr, Apr 08 '18 16:04

Thanks for your report. I don't want people thinking they're secure when they're not, and that's exactly why on every run of the script, the last line always says:

A false sense of security is worse than no security at all, see --disclaimer

The disclaimer explains several things, and among those:

Please also note that for Spectre vulnerabilities, all software can possibly be exploited, this tool only verifies that the kernel (which is the core of the system) you're using has the proper protections in place. Verifying all the other software is out of the scope of this tool. As a general measure, ensure you always have the most up to date stable versions of all the softwares you use, especially for those who are exposed to the world, such as network daemons and browsers.

The disclaimer is also present in the README.md. Not sure I can do much more, as, as you probably know as you're working for a widely used browser: whatever you do, people don't read ;)

speed47, Apr 08 '18 17:04