LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Distributions page

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Ubuntu "Feisty" Herd 1 released

[Posted December 6, 2006 by corbet]

From:  Tollef Fog Heen <tfheen-AT-ubuntu.com>
To:  ubuntu-devel-announce-AT-lists.ubuntu.com
Subject:  Ubuntu Herd 1 released
Date:  Wed, 06 Dec 2006 12:57:15 +0100


Come, rest in this bosom, my own stricken deer,
Though the herd have fled from thee, thy home is still here:
Here still is the smile that no cloud can o'ercast,
And the heart and the hand all thy own to the last.

 - Thomas Moore, Come, Rest In This Bosom

Welcome to Feisty Fawn Herd 1, which will in time become Ubuntu 7.04.

Pre-releases of Feisty are *not* encouraged for anyone needing a
stable system or anyone who is not comfortable running into
occasional, even frequent breakage.  They are however recommended for
Ubuntu developers and those who want to help in testing, reporting,
and fixing bugs.

Herd 1 is the first in a series of milestone CD images that will be
released throughout the Feisty development cycle. The Herd images are
known to be reasonably free of showstopper CD build or installer bugs,
while representing very current snapshots of Feisty. You can download
it here, for Ubuntu, Kubuntu and Edubuntu respectively:

  http://cdimage.ubuntu.com/releases/feisty/herd-1/ (Ubuntu)
  http://cdimage.ubuntu.com/kubuntu/releases/feisty/herd-1/ (Kubuntu)
  http://cdimage.ubuntu.com/edubuntu/releases/feisty/herd-1/ (Edubuntu)

See http://wiki.ubuntu.com/Archive for access instructions.

The primary changes from Edgy have been the re-merging of changes
from Debian.  Common to all variants, we have upgraded the kernel to
2.6.19.

Please refer to http://www.ubuntu.com/testing/herd1 for information on
changes in Ubuntu and https://wiki.kubuntu.org/FeistyFawn/Herd1/Kubuntu
for changes in Kubuntu.

This is quite an early set of images, so you can expect some
bugs. Among them are the following (so you don't need to bother
reporting these if you encounter them):

  * Installing the i386 image in an SMP VMWare machine (at least on
    AMD64) fails with a kernel panic.

  * When shutting down the live CD, the prompt asking you to press
    enter to confirm you have removed the CD reads from the wrong
    terminal.  It is at that point safe to press the reset or power
    button.

If you're interested in following changes as we further develop Feisty,
have a look at the feisty-changes list:

  http://lists.ubuntu.com/mailman/listinfo/feisty-changes

We also suggest that you subscribe to the ubuntu-devel-announce list
if you're interested in following Ubuntu development. This is a
low-traffic list (a few posts a week) carrying announcements of
approved specifications, policy changes, alpha releases, and other
interesting events.

  http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-ann...

The Testing area of the wiki suggests various tests that can be
performed on Herd CD releases to try to catch bugs far enough before
the final release that they can be fixed:

  http://wiki.ubuntu.com/Testing

Bug reports should go to Malone:

  https://launchpad.net/distros/ubuntu/+bugs

Enjoy,
-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

-- 
ubuntu-devel-announce mailing list
ubuntu-devel-announce@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-an...
(Log in to post comments)

Stack smashing protection included?

Posted Dec 6, 2006 15:36 UTC (Wed) by dwheeler (subscriber, #1216) [Link]

Anyone know if this version of Ubuntu will automatically protect against stack overflows? Buffer overflows are one of the most common and dangerous vulnerabilities, and of them, stack overflows are especially common and easy to exploit. Fedora Core (FC) has had protections against them for a long time, so that many of the vulnerabilities that have been reported are actually much less dangerous in FC. Last I checked, Ubuntu still lacked any such protections, which makes Ubuntu much less secure in my eyes.

In November 2006, gcc-4.1 4.1.1-18ubuntu1 was accepted, and that includes lib32ssp0 (a GCC stack smashing protection library). But having it distributed is completely different from using it. It needs to be turned on by default, and have all (or nearly all) compiled applications using it or some other defensive measure. Anyone know if that's happened?

In my mind this has been a key distinctive between Fedora Core and Ubuntu: Fedora Core has mechanisms that protect against unknown vulnerabilities, and Ubuntu in the past has not. FC's stack-smashing protections, SELinux, and so on have saved people's bacon many times.

Stack smashing protection included?

Posted Dec 6, 2006 17:37 UTC (Wed) by rfunk (subscriber, #4054) [Link]

Why single out Ubuntu? No other mainstream Linux distribution, with the
possible exception of Fedora, uses that stuff either.

And many of us consider Fedora to be no more than a technology testbed
and a beta version of RHEL, rather than a distribution with high quality
aspirations of its own.

Stack smashing protection included?

Posted Dec 6, 2006 17:58 UTC (Wed) by dwa (subscriber, #24604) [Link]

Perhaps because the article the original poster was commenting on is *about Ubuntu*?

And many people believed that Linux would never amount to anything, but that wasn't true either.

Stack smashing protection included?

Posted Dec 6, 2006 18:10 UTC (Wed) by scottt (subscriber, #5028) [Link]

> And many of us consider Fedora to be no more than a technology testbed
> and a beta version of RHEL, rather than a distribution with high quality
> aspirations of its own.

Many would disagree.

Note that Redhat employs the gcc and binutils developers that implemented the -DFORTIFY_SOURCE and PIE features upstream.
Integrating new security features is easier when you invest heavily in its original development.

Stack smashing protection included?

Posted Dec 6, 2006 17:56 UTC (Wed) by jbailey (subscriber, #16890) [Link]

It was done in the previous release:

https://launchpad.net/distros/ubuntu/+spec/gcc-ssp

Power managers

Posted Dec 7, 2006 1:18 UTC (Thu) by fergal (subscriber, #602) [Link]

So, the gnome power manager now has some features that the kde one already had. Presumably it's also got some that the kde one doesn't have yet. I wonder what the xfce one can do.

Am I correct to think that all of these apps duplicate power saving code/logic all for the sake of their GUI toolkits? Or is there a powerd in the background that these are just configuration frontends for? Can I save power without being logged in or do I have to fire up a power-hungry desktop to save power on the console?

Power managers

Posted Dec 7, 2006 1:33 UTC (Thu) by tialaramex (subscriber, #21167) [Link]

I haven't looked at this specific piece, but in general this sort of thing is done using DBUS to send messages between a (probably privileged) system daemon or demand-launched program and the user-friendly, toolkit specific frontend.

That's how the Bluetooth PIN stuff works now, and Network Manager and network service discovery stuff like Avahi, and so it's probably how the power management stuff works these days too. Desktop software decides policy, the system daemons and the kernel implement it.

So the heavy lifting is probably not being duplicated. In fact, most of the really hard work seems to be in the kernel and driver modules anyway. It's much harder to get all those disks, video cards, USB cameras, bluetooth keyboards and so on back how you left them after a few hours without power than to draw an icon of a battery in three different widget toolkits.

Power managers

Posted Dec 7, 2006 9:40 UTC (Thu) by usr (guest, #42092) [Link]

No, unfortunately it works exactly the way you suggest it should not. The
logic is indeed duplicated across the GUI interfaces. The little
crash-prone applet sitting in the system tray is in fact the "daemon"
making the decisions about power management. Power management does not
work when you are not logged in. If more than one user is logged in, who
knows what might happen?

More specifically it works something like this:

Information about system state:
HAL -> DBUS -> Applet

Power management instructions:
Applet -> DBUS -> HAL

There is another power management solution, kpowersave+powersaved, that
originated with SUSE and that works the way you suggest it should. Some
powersave developers were rather offended by the development of the
current power management solution in Ubuntu, specifically Kubuntu. There
are also plenty of comments suggesting to split off a power management
daemon from the GUI.

Ironically, the reason why the architecture is broken today is that the
Ubuntu solution originated as a GNOME hack written by a developer who
didn't know how to write a system daemon. To his credit he acknowledged
that that a separate daemon would have been the right thing, but no-one
stepped forward to write one at the time.

Power managers

Posted Dec 8, 2006 1:19 UTC (Fri) by fergal (subscriber, #602) [Link]

It's kinda bizarre that someone could write a GUI powermanager but couldn't figure out how to write a daemon.

I'd file a bug but "everything about your project is wrong" bugs don't tend to go too well.

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds