The very first LinuxConf Europe
event was held in Cambridge, UK, in the first week of September. This
conference is the result of a cooperation between the UK Unix User Group and the German Unix User Group; it is, in a sense, a
combination of the UKUUG and Linux-Kongress events held in previous years.
Talks by Dirk Hohndel and Michael Kerrisk were published
last week. Here is a summary of some other LCE events.
Power management remains the focus of a great deal of attention. Arjan van
de Ven started off a set of power-related talks with an overview of where
the problems are. His biggest point is that software is a critical part of
the power consumption picture; contemporary hardware provides a number of
power-saving features, but software has a tendency to defeat them. Many of
the ways in which this happens have been covered here before, so there is
no need to repeat them. The core lesson here is that transitions between
power states are expensive, so it is important that hardware components,
once put into a power-saving state, be allowed to stay there for some time.
In the case of the CPU, idle periods of 20ms to 50ms are needed for
effective power savings. Past kernels have rather defeated that goal,
though, by receiving a clock interrupt every 1-10ms. The dynamic tick
patches have finally fixed that problem, making it possible for longer
sleeps to happen. But then user space comes along and ruins things. Since
the advent of PowerTop, though,
improvements have been coming quickly. Many distributions now consume at
least 30% less power in typical laptop use.
Things may be getting better, but Matthew Garrett started the following
session by noting that Linux still sucks - at least, it sucks power. This
is a problem, he says, because getting half the battery lifetime as Windows
on the same hardware is really embarrassing. Systems
are still waking up far too much; the problems exist in both kernel and
user space.
On the kernel side, the usual culprits - device drivers - are a big part of
the problem. There are quite a few drivers which poll their hardware -
sometimes up to 100 times every second. In some cases this cannot be
avoided; the hardware may be broken in a way which requires this kind of
polling. But in other cases the polling can be made smarter - such as
turning it off when the device is not in use. There is still work to be
done in this area.
User-space applications remain a problem. People tracking down wakeups
often blame the X server, but the real trouble is usually the applications
which are causing X to wake up. There is a tool in the works which will
identify the real source of X wakeups; this is a good thing: once problems
are identified they are usually fixed pretty quickly. Polling for vertical
retrace periods (so that the display can be updated without artifacts)
seems to be a particular problem; some API work is being done to make it
easier to avoid this polling. Evidently there are also some applications
which repeatedly ask the server if a particular extension is available;
since the set of extensions does not change while the server is running,
there is little point in doing this.
There are some interesting things which can be done to better use the
power-saving features of the hardware. For example, some framebuffers can
compress the video data into a dedicated memory area, then drive the video
from the compressed data. This technique reduces video memory bandwidth,
saving power (up to half a watt) in the process. An interesting
consequence is that the amount of power saved is dependent on how well the
screen's contents compress - a user's choice of background wallpaper will
affect their power usage.
Finally, there is a lot to be gained if device drivers can communicate more
information to user space, making polling unnecessary. Applications which
poll for changes to the audio volume are an example here; if the sound
system simply told them that the volume had been adjusted, they could
update their displays and go back to sleep.
Chris's motivation is the fact that disks are, for all practical purposes,
getting slower - the time required to read an entire disk is growing. Most
systems still store large numbers of small files, leading to a lot of
wasted space. Btrfs tries to address these issues and provide a number of
interesting features as well. It is extent-based, resulting in more
efficient storage of larger files. Small files are packed into the
filesystem tree itself, eliminating the internal fragmentation experienced
by a number of other filesystems. It has indexed directories, data and
metadata checksums, efficient snapshots, sequence numbers in objects
(facilitating quick and easy incremental backups), an online filesystem
checker in the works, and more.
The directories are actually indexed twice. One index is there for fast
filename lookup; the other one, instead, lets the readdir() system
call return files in inode-number order, speeding filesystem traversals.
Extended attributes are stored as directory entries. Every file has a
backpointer to its containing directory - and, yes, multiply-linked files
have backpointers to all of the directories in which they are found.
Perhaps the most fun part of the talk was the plots Chris has generated
from various benchmark runs. The limiting factor on filesystem performance
is generally disk seeks; it is important to minimize disk head movement.
In general, ext3 tends to move the disk head all over the platter during
benchmark runs while Btrfs and XFS do better. Chris noted that better
writeback clustering in the virtual memory subsystem would help ext3.
More benchmark plots (some animated) can be found in the Btrfs
benchmark and Seekwatcher pages.
Toward the end, Chris was asked whether performance slows down when the
disk gets full. The answer was "no" because the system crashes instead.
That's a good reminder that Btrfs remains an early-stage development; the
on-disk format has not even been finalized yet. But the production version
of Btrfs is certainly something to look forward to.
Back in 2000, the British Computer Society awarded its Lovelace Medal to
Linus Torvalds. In 2007, the society finally caught up with him to deliver
the medal - though, as speaker Dr. David Hartley noted, they probably were
almost as quick as the post office would have been. As is typically the
case, Linus seemed somewhat embarrassed by the attention.
LinuxConf Europe intends to be a conference on a truly European scale. To
that end, next year's event will likely move to Germany; the details were
not yet finalized to the point that the location could be announced at this
year's conference, though. LCE, helped by the kernel summit, has gotten
this institution off to a good start; your editor is looking forward to
next year's edition.
With its first
alpha just released, Python 3.0 (aka Python 3000 or Py3k) is
making progress, though a final release is still a year off. Py3k overhauls
the language core, removing inconsistencies and other "warts", without
maintaining compatibility with the 2.x version. Various standard Python
idioms go by the wayside and it will take some getting used to.
One of the driving forces for Py3k is to handle unicode strings in a uniform
way. In the 2.x series, unicode handling has bugs, especially when mixing
encoded and unencoded text. The Py3k solution is to separate strings,
which contain decoded text, and byte-strings which are binary data into two
distinct types, str and bytes. Those types cannot be
combined without converting one via the encode() and decode()
methods. The drawback to this change is explained in the
What's New in
Python 3.0 document:
This means that pretty much all code that
uses Unicode, encodings or binary data in any way has to change.
This also leads to a distinction that needs to be made when handling
files. Files are either binary or text files, with text files requiring an
encoding to be specified when they are opened. If the wrong type or
encoding is given, I/O to the file may fail.
One very visible change – perhaps the most controversial –
is eliminating
the print statement, moving it to a function.
The change is being made
mostly for consistency, as there is no other language statement like
print, but it also adds additional features. One can now specify
a separator, line ending, and file directly, there is no need for the
print >>sys.stderr, "error" syntax, instead that becomes
print("error", file=sys.stderr).
As the "What's new" document points out:
Initially, you'll be finding yourself typing the old print x a lot in
interactive mode. Time to retrain your fingers to type print(x) instead!
Another area that has changed significantly is the dict methods.
The keys(), items(), and values() methods no longer
return lists, so code that treats them that way will fail. They now return
something called a "view" that references the dict directly,
producing values as they are needed, much like an iterator. In addition, the
has_key() boolean method has been removed, the in operator
should be used instead.
There are lots of smaller changes that will catch the unwary. Many of the
features removed have been deprecated for some time, but, for programmers who
don't follow Python language development closely, they may surprise. The
raise statement has different syntax, integer division no longer
truncates, instead it returns a float (with // used to get the old
behavior), xrange() has been removed, and so on. It adds up to a
substantial pile of things to deal with when moving existing code to Python 3.
The migration from 2.x is being assisted by the development of Python
2.6, which is slated for release in April 2008. It will provide a Py3k
warnings mode that complains at runtime when a feature is being used in a
way that is incompatible. It will also have many of the new features enabled,
either as __future__ imports or just added into the language if it
doesn't conflict with 2.x syntax. The 2to3 tool is also being
developed to translate 2.6 constructs into their 3.0 equivalents. The
Python Enhancement Proposal (PEP) governing the Py3k plan (PEP 3000) gives an overview of how code
can be maintained to run on both 2.6 and 3.0. It sounds somewhat painful,
but incompatible language changes are never easy.
There is still plenty of work to be done, the final release of 3.0 is
currently scheduled for August 2008. One of the bigger remaining chunks is
a reorganization of the standard library namespace.
PEP 3108 lays out the
changes to be made, including removing older, unsupported, or rarely used
modules, renaming modules to conform to the naming standard, merging the C
and Python implementations of modules (i.e. cPickle goes away and is
replaced with pickle). It cleans up what had become a bit of a mess
over time.
All of these changes have not come about without some objections, both
from those who think another incompatible "upgrade" is not warranted to
those who think Py3k
doesn't go far enough. One area that is not being changed, but is a source of frustration for some,
is the "global interpreter lock" (GIL), which only allows one thread at a
time to operate on any Python objects or call out to C language extensions.
Especially with the advent of multi-core and multi-CPU systems, the lock is
very restrictive, serializing most of the core language processing.
Guido van Rossum, Benevolent Dictator for Life (BDFL) of the Python
language has been very open about addressing these concerns on his All Things
Pythonic weblog. That doesn't mean he plans to change things,
especially with regards to the GIL, but he puts together a well
reasoned defense, mostly concerning the performance of the language
with finer-grained locks. He is clearly not much of a fan of
multi-threaded programming with its attendant race conditions, deadlocks,
and other issues, but he is not opposed to efforts to remove the GIL
either. As he points out, it is not inherent in the Python language, but
is an attribute of the current language implementation, other
implementations (Jython, IronPython) do not have the GIL.
There are fundamental changes in Python 3, it will be interesting to see
how quickly it is adopted after being released. People learning Python
won't need to learn Py3k for another two years or so, according to van
Rossum, and should, instead, concentrate on 2.x (which means 2.5 until April).
The unicode handling rework will probably be enough to get the increasing
number of localized programs updated, but the rest of the changes are not
terribly compelling. It is likely that there will be Python 2.x programs
around for a long time to come.
Purpose-built Fedora distributions, called "spins", are a recent
addition to that community in an attempt to reach additional users. The
idea is to use tools like Revisor to create a custom
collection of software that work well together for a particular set of
tasks. This collection can then be installed or run from a live CD,
providing an easy means to have the right collection of tools immediately,
rather than after a lengthy yum install pass.
The concept itself is not new, there are many distributions targeted at a
particular subset of users. Typically, other popular distributions (Debian
and Ubuntu in particular) have been used as the basis for them. The Fedora
project is embracing the idea, pulling together a list of the spins and
elevating at least two to the status of "official spins". The idea is to
appeal to those who don't want to be bothered with tracking down,
installing, and configuring the tools needed for their task; instead it is
all packaged for them.
Starting with Fedora 7, two official releases of the distribution are
available, one for each of the dominant desktops. For Fedora 8, there will
also be a developer
spin, which has the explicit goal of attracting more Fedora
developers. It will include Eclipse, perhaps other integrated development
environments (IDEs), gcc and friends, emacs, SystemTap,
and other developer tools. Other ideas, such as a working Xen virtual
machine and targeting web developers, have been discussed as well.
The other official spin for Fedora 8 is the Fedora
Electronic Lab (FEL). This project pulls together the tools for
electronic design and configures them to work well together. A wide variety
of software for circuit simulation, hardware development in VHDL and
Verilog, Very Large Scale Integration (VLSI) design, and embedded systems
development are included. Universities are high on the list of target
audiences, with the FEL website claiming 250 universities already using
Fedora; attracting more is one of the goals.
Several other spins are being worked on as well, not "officially", but
there does seem to be some serious work going into them. The Security
LiveCD is a Fedora 7 based spin for security auditing and testing. It
contains all of the tools that an administrator or security researcher
might need to do forensic analysis of a rooted machine, check a network for
vulnerable hosts, or do penetration testing. Since it can be booted
directly from a read-only device, risks of infection from any malware are
eliminated. Any machine can be quickly turned into a security workstation
by using a distribution like this.
Another ambitious project is the Fedora
Art Studio. This spin not only collects the tools into one package, it
also pulls in content likely to be useful to artists, desktop publishers,
animators, and other creative folks. There are collections of clip art,
fonts, textures, brushes, and so on, all with free licenses. There are
also tutorials included to get people up to speed on the various packages.
Plans are to include default Firefox bookmarks for useful sites as well.
Other spins are listed on the site, ranging from the Creative
Commons LiveContent spin (covered by LWN here) to a SystemTap live CD.
The Fedora wiki has various Howtos on remixing
and rebranding
Fedora, as well as using the Live CD
tools. Most people who want to build a custom spin will start by using
the Revisor GUI
tool, which provides options for installation, live or virtualization
(for Xen or KVM virtual machines) media for CDs, DVDs, USB thumb drives and
more. The project has clearly put a lot of time and effort into making it
as easy as possible to create new spins from the large repository of Fedora
software.
It remains to be seen if any of these spins become popular, but it may be a
good way to introduce new users to Fedora. It is unlikely that power users
will find a spin that covers all of what they use, but they just might find
one that serves as a good starting point. They can either customize their
own spin from there or use the usual repository tools to grab whatever
extras they need. For a distribution that, until recently, had a
reputation for not working with the community, this effort may go a long
way towards erasing that history.
LWN recently tried a new (for us) form of advertising, known as
"in-text" advertising – ads that pop up from highlighted keywords in
an article. When we announced
the change, it was obvious from the comments that it was a tad
unpopular. Truth to tell, they started getting on our nerves more as
time went on; they didn't seem quite so annoying when running it on our
development systems. We have discontinued the ads; they will not be coming back.
A lot of good points were made in the comments, we appreciate the time you
took to make them. Our readers are (obviously) very important to us; your
opinions on what works and what doesn't are always carefully considered.
There were also several interesting suggestions made, we will be pondering
those as we make plans.
We do want to dispel one concern that we heard. We are not under an
imminent threat of going under. We are proceeding with
the plan we laid out in May: working on the revenue side of the business
while producing the same quality of content you have come to expect. There
will be other experiments along the way; some will fail, hopefully some
will succeed as well.
A Swedish security researcher, Dan Egerstad, recently highlighted a
flaw in the way many folks are using Tor,
a tool for internet anonymity. He said that he had captured user names and
passwords for at least 1000 email accounts, posting
the details for 100 of those. Ten days after the initial disclosure,
he followed
up with information on how he captured the data.
Tor (aka The Onion Router) is a system designed to hide the source and
destination of internet traffic by routing it through a few intermediate
nodes. Software is available for most operating systems and can run in
either client or server mode. The Tor network consists of many server
nodes that can route this traffic, but it also has special nodes, called
"exit nodes" that are the endpoints for traffic within the Tor network.
Exit nodes are the ones that actually talk to the server the client was
trying to reach, thus they see any traffic exactly as it will be presented
to the destination.
A Tor client picks a random path through the network, using a directory
server to get a list of active nodes. For each hop along that path, it
negotiates a separate session key. It encrypts the packet data, along with
a destination address, once per node in the path, building up a packet with
multiple layers of encrypted information. Each layer can only be
decrypted by the proper intermediate node. Each intermediate node only
knows about its predecessor, the destination, and the key, so with more than
a few nodes, the source and ultimate destination are hidden. The exit node
is the last layer of the onion, what it decrypts is the data bound for the
destination.
Running an exit node for Tor has some risks associated with it, as all
traffic that goes to a destination site appears to originate from the exit
node host. If the destination gets attacked by a
denial of service or other exploit, the exit node operator would seem to be
the guilty party. For this reason, Tor servers can determine whether or not they are
willing to be exit nodes. What Egerstad did was to volunteer five servers
as exit nodes and monitor the traffic that went by.
What his exit nodes saw was the traffic bound for various servers, much of
it in the clear. He collected authentication for email servers from many
users, with the ones he released being embassy workers and members of human
rights organizations. He monitored the POP3 and IMAP protocols,
specifically looking for keywords associated with governments. By looking
at those two protocols, he not only was able to capture passwords, his exit
nodes also saw all of the email stream by as it was delivered to the users.
This should come as no real surprise, unencrypted email protocols are a
security hazard; they should probably go the way of telnet,
and be banished from internet usage. What is more surprising, but perhaps
shouldn't be, is that people are using Tor to retrieve their email. Tor is
not supposed to be a complete privacy solution, and it is not
presented that way, but the difference between anonymity and privacy seem
to have gotten lost.
It is a near certainty that others are doing just what Egerstad did.
Governments and criminals – though it can be hard to distinguish
between the two at times – both have an interest in monitoring this
kind of traffic. Egerstad lists a number of suspicious exit nodes in the
Tor network, any or all of which could be scanning the cleartext traffic
that streams by.
In some ways, Tor is really no different than the myriad routers that
internet traffic passes through; each of those presents a point where
traffic could be intercepted. Tor is better in that regard, perhaps,
because all but the last leg (which, of course, traverses any number of
routers) are encrypted. If an encrypted protocol, SSL or an ssh
tunnel for example, were used end-to-end, Egerstad's monitoring would not
have worked. With proper certificate/key handling, no intermediate node, Tor
or router, can decrypt the traffic.
It is a bit ironic that one would use a service meant to provide
anonymity to log in to a system using credentials that are intended to
restrict access to a particular user. It is a bit like renting a room at
the No-Tell Motel using your credit card. Presumably, the users had Tor
installed and running for other reasons and either didn't know or forgot to
turn it off when retrieving their email. Perhaps their email client
helpfully retrieves their email every few minutes without their
intervention.
It should be noted that Tor does not do anything above the protocol
level to anonymize traffic. Cookies, browser identification strings and
other information can be used to identify who is using the connection to
anyone with access to the traffic. Obviously, logging in makes that
even easier. Another known threat to anonymity using Tor, even with
end-to-end encryption, is timing analysis. If someone can monitor the
timing of the packets at the client and those at
the server, they can make a statistical correlation between the two.
Tor achieved another kind of notoriety, recently, as some of the storm worm spam started pushing
it as a solution for internet anonymity. Unfortunately, users who followed
the link landed on a fake
Tor download page. Downloading the software did not result in any
increase in their privacy, it simply installed one of the storm worm
variants. It is certainly not the publicity that Tor wanted, but it could,
perhaps, lead a few users to the real Tor. It is a dubious honor, but the
storm worm herders must believe that the Tor name has some credibility in
order to use it this way.
Tor is an excellent tool for what it does, but it certainly is not a
solution to all internet communication privacy issues. As with most
things, users need to understand what they are doing before they can gain
the benefits of Tor. By managing the higher level identifying information
correctly (perhaps by using
something like Privoxy), one
can use internet services anonymously with a reasonable level of comfort.
Using end-to-end encryption makes it that much better.
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message.
jffnms, a web-based network management system, suffers from a cross-site scripting vulnerability, multiple SQL injection vulnerabilities, and an authentication bypass problem.
From the Fedora advisory: Lighttpd (1.4.17 and earlier) is prone to a header overflow when using the mod_fastcgi extension,
this can lead to arbitrary code execution in the fastcgi application.
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
Not only does QGit construct a predictable file name here, and doesn't check if
the files already exist, which can be leveraged into information leak or
arbitrary file overwrite in case they're symlinks, but later on executes one of
them. This is not just problem when /tmp is mounted with noexec option, but
might be exploited into arbitrary code execution under time-dependent race
condition.
From the Samba advisory: When the rfc2307 or sfu nss_info plugin has been enabled, in
the absence of either the RFC2307 or SFU primary group attribute,
Winbind will assign a primary group ID of 0 to the domain user
queried using the getpwnam() C library call.
Wordpress 2.2.3 has been released to fix a security problem. The project has not gone out of its way to describe this problem, but, from the fixed bug list, one concludes that it is possible for users without the requisite privileges to post arbitrary HTML.
Adobes acrobat reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross site scripting vulnerability that
can be triggered by processes malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities,
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges.
Advanced Intrusion Detection Environment (AIDE) is a file integrity checker
and intrusion detection program. A flaw was discovered in the way file
checksums were stored in the AIDE database. A packaging flaw in the Red Hat
AIDE rpm resulted in the file database not containing any file checksum
information. This could prevent AIDE from detecting certain file
modifications.
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users."
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header."
A heap-based buffer overflow in the bx_ne2k_c::rx_frame function in
iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users
of the guest operating system to write to arbitrary memory locations and
gain privileges on the host operating system via vectors that cause TXCNT
register values to exceed the device memory size, aka "RX Frame heap
overflow."
Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow
remote attackers to execute arbitrary code via unspecified vectors. NOTE:
the provenance of this information is unknown; the details are obtained
solely from third party information. NOTE: this might overlap
CVE-2007-0160.
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via a specially crafted RAR archives.
Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510:
It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.
CVE-2007-4560:
It was discovered clamav-milter performs insufficient input
sanitizing, resulting in the execution of arbitrary shell commands.
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e. g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system).
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code.
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target.
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an ssl connection. In this state, cups would not
allow other connections to be made, a denial of service.
The gpdf library contains an integer overflow which can be exploited via a malicious PDF file. This code finds its way into multiple packages, including xpdf, kpdf, poppler, cups, and more.
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions."
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name.
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges.
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions.
A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers.
From the GNOME
bugzilla: "The "SEQUENCE" value in the GData of the IMAP code
(camel-imap-folder.c) is converted from a string using strtol. This allows
for negative values. The imap_rescan uses this value as an int. It checks
for !seq and seq>summary.length. It doesn't check for seq <
0. Although seq is used as the index of an array."
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail.
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Colin Percival from FreeBSD reported that the previous fix for the
file_printf() buffer overflow introduced a new integer overflow. A remote
attacker could entice a user to run the file program on an overly large
file (more than 1Gb) that would trigger an integer overflow on 32-bit
systems, possibly leading to the execution of arbitrary code with the
rights of the user running file.
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user.
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845)
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
that showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735)
A stack-based buffer overflow in the local__vcentry_parse_value function in
vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows
user-assisted remote attackers to execute arbitrary code via a large
comment value_length.
The Freetype font rendering library versions 2.3.4 and below
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code.
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user.
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow
attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items
via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked
items" in (a) WebDAV and (b) Reupload modules.
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allows attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478)
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused.
JLANTHEA reported a denial of service flaw in the way that gdm listens on its Unix domain socket.
Any local user can crash the locally running X session.
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader.
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code.
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. It was possible
for a malformed SMIL file to execute arbitrary code with the permissions of
the user running HelixPlayer. (CVE-2007-3410)
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user).
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3
allows local users to overwrite arbitrary files via a symlink attack on a
temporary file whose name is constructed from the name of a file being
tagged.
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667.
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files.
java has multiple vulnerabilities, these include:
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE and buffer overflows in the java image
handling routines that can give attackers read/write/execute capabilities
for local files.
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
A problem with the interaction between the Flash Player and the Konqueror
web browser was found. The problem could lead to key presses leaking to the
Flash Player applet instead of the browser.
NOTE: CVE number may be incorrect, see CVE entry
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof
the data: URI scheme in the address bar via a long URI with trailing
whitespace, which prevents the beginning of the URI from being
displayed. (CVE-2007-3820)
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by
calling setInterval with a small interval and changing the window.location
property. (CVE-2007-4224)
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote
attackers to spoof the URL address bar via an http URI with a large amount
of whitespace in the user/password portion. (CVE-2007-4225)
Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before
2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of
service (crash) via an AppleTalk frame that is shorter than the specified
length, which triggers a BUG_ON call when an attempt is made to perform a
checksum.
The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c in the
Linux kernel before 2.6.22 allows remote attackers to cause a denial of
service (crash) via an encoded, out-of-range index value for a choice
field, which triggers a NULL pointer dereference.
The Linux kernel has a boundary error problem with the
Omnikey CardMan 4040 driver read and write functions. This can be used
to cause a buffer overflow and possible execution or arbitrary code with
kernel privileges.
The ipv6_getsockopt_sticky function in
net/ipv6/ipv6_sockglue.c is vulnerable to a NULL pointer dereference.
Local users can use this to crash the kernel or to disclose kernel
memory.
A flaw in the ISDN CAPI subsystem could allow a remote user to cause a
denial of service or potential remote access. Exploitation would require
the attacker to be able to send arbitrary frames over the ISDN network to
the victim's machine.
A flaw in the perfmon subsystem on ia64 platforms could allow a local user
to cause a denial of service.
Linux kernel versions from 2.6.9 to 2.6.20 have a denial of service
vulnerability. A remote attacker can cause the key_alloc_serial
function's key serial number collision avoidance code to have a
null dereference, resulting in a crash.
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538)
The netlink protocol has an infinite recursion bug that allows users to
cause a kernel crash. Also the IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to
2.6.17, and possibly later versions, allows local users to cause a denial
of service (memory consumption) by writing more data to the serial port
than the driver can handle, which causes the data to be queued.
The Linux kernel before 2.6.20.1 allows remote attackers to cause a denial
of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free
of an incorrect pointer.
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453)
From the MOKB-05-11-2006
advisory: "The ISO9660 filesystem handling code of the Linux
2.6.x kernel fails to properly handle corrupted data structures, leading to
an exploitable denial of service condition. This particular vulnerability
seems to be caused by a race condition and a signedness issue. When
performing a read operation on a corrupted ISO9660 fs stream, the
isofs_get_blocks() function will enter an infinite loop when
__find_get_block_slow() callback from sb_getblk() fails ("due to various
races between file io on the block device and getblk")."
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack.
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
Kernel data structures.
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105)
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798).
The kdamind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash.
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. MIT krb5 Security Advisory 2007-001
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. MIT krb5 Security Advisory
2007-002
Bryan Burns of Juniper Networks discovered that KTorrent did not
correctly validate the destination file paths nor the HAVE statements
sent by torrent peers. A malicious remote peer could send specially
crafted messages to overwrite files or execute arbitrary code with user
privileges.
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files.
libarchive, a library for manipulating different streaming archive
formats, has a number of pax extension header vulnerabilities.
These may be used to cause a denial of service or for the execution
of arbitrary code.
Integer overflow in the exif_data_load_data_entry function in exif-data.c
in libexif before 0.6.14 allows user-assisted remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via crafted
EXIF data, involving the (1) doff or (2) s variable.
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application.
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow.
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim.
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code.
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code.
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities, if a local user passes a specially crafted
FTP URL, arbitrary code may be executed.
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service.
Tatsuya Kinoshita discovered that Lookup, a search interface to electronic
dictionaries on emacsen, creates a temporary file in an insecure fashion
when the ndeb-binary feature is used, which allows a local attacker to
craft a symlink attack to overwrite arbitrary files.
An arbitrary command execute bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx.
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content."
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted.
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter.
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
user-assisted remote attackers can use this to create a buffer overflow
and possibly execute arbitrary code.
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service.
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226).
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query.
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges.
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting.
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of
service (crash) by sending an invalid protocol sequence with
USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
An unspecified vulnerability in portable OpenSSH before 4.4, when running
on some platforms, allows remote attackers to determine the validity of
usernames via unknown vectors involving a GSSAPI "authentication abort."
Openssh 4.4 fixes some
security issues, including a pre-authentication denial of service, an
unsafe signal hander and on portable OpenSSH a GSSAPI authentication abort
could be used to determine the validity of usernames on some platforms.
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be
accessed, this can be used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites.
A flaw was found in the way pam_console set console device permissions. It
was possible for various console devices to retain ownership of the console
user after logging out, possibly leaking information to an unauthorized
user.
A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)
A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)
A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)
A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).
The Hardened-PHP Project discovered buffer overflows in
htmlentities/htmlspecialchars internal routines to the PHP Project. Of
course the whole purpose of these functions is to be filled with user
input. (The overflow can only be when UTF-8 is used)
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users.
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem.
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter.
The phpwiki Upload page does not properly check the extension of a file.
This can be used by a remote attacker to upload a specially crafted PHP file
and execute arbitrary PHP code with the privileges of the PhpWiki user.
The postfix-policyd anti-spam plugin for the postfix mta does not
correctly test the bounds of incoming SMTP commands. This can be
exploited for the remote execution of arbitrary code.
The ProFTPD Auth API has an authentication bypass vulnerability.
When multiple simultaneous authentication modules are configured,
the ProFTPD module that checks authentication is not necessarily
the same module that retrieves authentication data. This can be
used by remote attackers to bypass the authentication system.
Format string bugs were found in several Qt warning messages.
Applications using Qt for processing certain data types could
trigger them if the data caused Qt to print warnings. The bugs
potentially allow to execute arbitrary code via specially crafted
files (CVE-2007-3388).
Andreas Nolden discovered a bug in qt3, where the UTF8 decoder does not
reject overlong sequences, which can cause "/../" injection or (in the case
of konqueror) a "<script>" tag injection.
The redhat cluster suite's
cluster manager is vulnerable to a remote attack. Attackers
can connect to the DLM port and block subsequent DLM operations,
resulting in a denial of service.
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow
remote attackers to execute arbitrary code via directory names that are not
properly handled when calling the f_name function.
The Snort intrusion detection system is vulnerable to a buffer overflow
in the DCE/RPC preprocessor code. Remote attackers can send
specially crafted fragmented SMB or DCE/RPC packets which can be used
to allow the the remote execution of arbitrary code.
Star saves many files together into a single tape or disk archive,
and can restore individual files from the archive. Star supports ACL.
Version 1.5a84 fixes a directory traversal vulnerability.
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files.
Ulf Harnhammar (Secunia Research) has discovered a format string
vulnerability in sylpheed and claws-mail in inc_put_error() function in
src/inc.c when displaying POP3 error reply. The problem can be exploited
by malicious POP3 server via specially crafted POP3 server replies
containing format specifiers. See this Secunia advisory for more
information.
The tar utility has a symlink path traversal vulnerability involving
extracted archives. Maliciously created tar archives can be used to
write arbitrary data to files that the tar user has write access to.
An integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6
and earlier allows remote attackers to execute arbitrary code via crafted
TLVs in a BGP packet, related to an unchecked return value.
Off-by-one buffer overflow in the parse_elements function in the 802.11
printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote
attackers to cause a denial of service (crash) via a crafted 802.11
frame. NOTE: this was originally referred to as heap-based, but it might be
stack-based.
The TCP wrapper library can improperly allow connections to services
that do not have server-side connection details specified.
Remote attackers can connect to blocked services.
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function.
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450).
Security update fixing various format strings vulnerabilities and a DOS vulnerability in the vavoom
server, this fixes: CVE-2007-4533, CVE-2007-4534 & CVE-2007-4535. Also see bugzilla bug 256621.
During an internal audit, Raphael Marichez of the Gentoo Linux Security
Team found that Vixie Cron has weak permissions set on Gentoo, allowing
for a local user to create hard links to system and users cron files,
while a st_nlink check in database.c will generate a superfluous error.
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector.
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure
permissions, which allows local users to read or overwrite arbitrary files
on xfs filesystems.
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges.
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed.
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges.
Previous versions of the xterm package assigned incorrect ownership and
write permissions to pseudo-terminal devices, permitting local users to
direct output to other users' xterm sessions.
dmcox discovered a boundary error in the zzip_open_shared_io() function
from zzip/file.c . A remote attacker could entice a user to run a zziplib
function with an overly long string as an argument which would trigger the
buffer overflow and may lead to the execution of arbitrary code.
The current 2.6 prepatch is 2.6.23-rc6, released by Linus on
September 10. The number of fixes this time around is relatively
small, partly because many of the developers were off at the kernel summit last week. The long-format
changelog has the details.
The flow of patches into the mainline git repository continues; there will
almost certainly need to be an -rc7 release before this kernel is done.
There have been no -mm releases over the last week.
For older kernels: 2.6.20.19 was released on
September 8 with one security fix in the IPv6 code.
2.4.35.2 was released on
September 8; it contains mostly compiler-related fixes. 2.4.36-pre1 was also released on
the 8th; it contains a few fixes and a patch to optionally prevent
processes from mapping the NULL address.
So I'm doing an inverted reverse polish bisection search to find out which
patch preemptively fixes clockevents-fix-resume-logic.patch. Try doing
that with git, suckers.
C++ is a horrible language. It's made more horrible by the fact
that a lot of substandard programmers use it, to the point where
it's much much easier to generate total and utter crap with
it. Quite frankly, even if the choice of C were to do *nothing* but
keep the C++ programmers out, that in itself would be a huge reason
to use C.
The 2007 version of the Linux Kernel Developers' Summit was held on
September 5 and 6 in Cambridge, UK. Approximately 80 developers
at this invitation-only event held discussions on a wide variety of topics
covering all aspects of kernel development. As usual, LWN editor Jonathan
Corbet was there. Reports from the sessions will appear below as they are
written.
Day 1
The distributor panel. Kernel
maintainers from four distributors attended a session meant to be a
forum where they could tell the community how the process could be
improved from their point of view. In the event, much of the
information flowed in the other direction, with community developers
expressing frustration with a number of distributor practices.
Mini-summit reports. Reports from
mini-summits covering power management, filesystems and storage,
virtual memory, and virtualization held in the months prior to the
main kernel summit.
The greater kernel ecosystem and
user-space APIs. A discussion of how the kernel presents
interfaces to user space and the low-level software which helps with
this task. Also covered here is the session on a proposal for a
formal review process for new system calls.
Kernel quality. In the session he led
on this topic, Andrew Morton was unable to say whether he thought our kernel
releases were getting better or worse. But he had no doubt that we
could be doing a better job than we are now.
Hardware support and the i386/x86_64
merger. This was a discussion of the state of drivers for various
difficult chipsets; it included AMD's important announcement of the
opening of its graphics processors. There was also a session on the
question of whether the i386 and x86_64 architecture trees should be
merged.
Day 2
The preparation of reports from the second day is being somewhat delayed by
your editor's travel. They will show up here as they become available.
The customer panel. An interesting
discussion of customer needs by representatives from Dreamworks,
Credit Suisse, and the Linux Foundation.
Realtime and syslets.
What is the status of the realtime patch set, and what's next for
syslets?
Scalability. Issues for
people trying to run Linux on very large and very small systems.
Memory management. Discussions on
large page support, test cases for memory management patches, and
letting applications help with memory pressure.
Containers. What remains to be done
to have a complete containers implementation in the mainline kernel.
Developer relations and development
process. How can the community bring in more developers and avoid
driving away those who are here now? This question was addressed,
along with a number of nuts-and-bolts issues relating to how the
development process works.
Closing session. The final session of
the 2007 kernel summit was about the kernel summit itself. Was this
event what the attendees had hoped for, and how should things be done
in the future?
The group picture
How could there be a kernel summit without a group picture? Here is (most
of) the group in front of the Downing College dormitory where many of us
stayed:
Loadable kernel modules do not automatically have access to all symbols
(functions and variables) defined in the kernel. In fact, access is
limited to those symbols which have been explicitly exported for modular
use. The idea behind this whitelist-like policy is that it helps the
kernel developers to keep the module interface under control, limiting the
ability of modules to dig into parts of the kernel where they are not
welcome. The practice turns out to be a little more messy: current kernels have over
16,000 EXPORT_SYMBOL() declarations sprinkled around the source.
Unsurprisingly, there are developers who would like to reduce the number of
exported symbols. It is often the case that, once a symbol can be shown to
have no users among in-tree modules, it will be removed altogether. But
there is not universal agreement on just how this process should be
handled; as a result, we see occasional debates on how stable the modular
API should actually be and what provisions should be made for out-of-tree
code.
Adrian Bunk recently posted a patch to unexport
sys_open() and sys_read(). These symbols (which
implement the open() and read() system calls) have been
on the hit-list for a long time. It is easy to make catastrophic mistakes
when using them from kernel space, and there is almost no situation where
opening and reading files from within the kernel is considered to be the
right thing to do. But removing the exports has always proved hard, until
now - there have always been stubborn in-tree users which have kept the
export around.
The final holdout in 2.6.23 is the wavefront sound driver which uses
sys_open() and sys_read() to obtain firmware to load into
the device. The kernel has had a proper API for dealing with firmware
loads for years, so no driver should be trying to read firmware directly
from files itself. The current ALSA development tree contains a patch for
the wavefront driver which makes it use the firmware API; once that patch
is merged, there will be no more in-tree users of those symbols. Adrian,
forever on the lookout for things to remove from the kernel, noticed this
fact and promptly sent in a patch.
But I think it is better to give people some warning when we're
planning on breaking out-of-tree things. I do occasionally receive
reports of "hey, the X driver which I get from Y doesn't work any
more". Often it's open-source stuff, too. I see no point in
irritating our users more than we need to.
Andrew would like to have the symbols marked with
EXPORT_UNUSED_SYMBOL() for one development cycle so that maintainers
of out-of-tree code can get the resulting warning message and fix their
code in response. It quickly became clear that he is in a minority among
the developers on this issue. Adrian was particularly upset, complaining
that other developers are allowed to make no-warning changes which break
almost every module in existence while his patch, which affects very few
modules, must go through a special process. He says:
Andrew, please define API rules, IOW rules for addition, removal
and changing of exported code, that are valid for *everyone* or go
to hell with your EXPORT_UNUSED_SYMBOL.
These symbols have been on the chopping block for a long time, and
most out-of-tree module authors should have figured that out by now.
It is worth noting, though, that the feature removal schedule in the
kernel documentation says nothing about sys_open() and
sys_read().
In this sort of situation warnings are almost entirely ineffective. Users
tend not to see them at all, and they do not report them in any case.
According to Alan Cox: "Short of
using their sound card to scream 'Next release you are screwed' they
won't notice (and if you the sound card trick they'll think they got
rooted....)"
Keeping unused symbols around bloats the kernel and increases the load
on developers who must remember to remove them in a future release.
Fact is, people use external modules. To get their machines
working correctly, to get their work done, to do stuff they want
done.
Many of these people are non-programmers. So when they download a
new kernel and find that the module which they use doesn't work
because of something which we've done, they get pissed off, and we
lose a tester. This has happened many times.
To avoid this problem, he wants exported symbols targeted for removal to
marked with EXPORT_UNUSED_SYMBOL() (or
EXPORT_UNUSED_SYMBOL_GPL()) for one development cycle. The
exports should be marked with a comment noting when the export should be
removed altogether. Each release cycle would include a quick grep to find
the symbols which are now due to be removed for real. He concludes:
Total cost of this effort: maybe ten developer minutes per release,
and a few tens of additional bytes in the released vmlinux.
I think that for a few additional testers and a few less-pissed-off
users (nothing to do with developers), this cost is justified.
That's all.
Elsewhere he has noted that, if a warning is sufficiently widespread,
somebody, somewhere, will act on it. One gets the sense that he has not
convinced a whole lot of developers that this position is right. But
Andrew is in a position to enforce it and most of the others seem to think
that, in the end, it's easier to just go along with what he wants in this
case. The end result is the same, it just takes a little longer.
While the 2.6.23 development cycle has not yet run its course, things are
getting close enough to the end that it makes sense to start looking at the
overall statistics for this release. As of this writing (shortly after
2.6.23-rc6 came out), just over 6,200 non-merge changesets had been added
to the mainline kernel repository. These changesets came from 854
developers - a slightly smaller number than we saw for 2.6.22. Just over
350 of those developers contributed one single changeset.
All told, the patches added almost 430,000 lines, but also removed 406,000
lines, meaning that the kernel grew by just under 23,000 lines - a
relatively small number. That is partially a result of kernel hatcheteer
Adrian Bunk's work: he removed the old SpeedStep code, a number of Open
Sound System drivers, Rise CPU support, and more - a total of almost 73,000
lines removed. Jeff Garzik hacked out over 41,000 lines of network driver
code, and Jens Axboe got rid of over 25,000 lines of code, mostly in the
form of ancient CDROM drivers.
Here is the list of the top contributors to 2.6.23, as counted by
changesets merged and by lines of code changed:
Most active 2.6.23 developers
By changesets
Ingo Molnar
152
2.5%
Ralf Baechle
119
1.9%
Trond Myklebust
116
1.9%
Paul Mundt
111
1.8%
David S. Miller
107
1.7%
Tejun Heo
103
1.7%
Al Viro
95
1.5%
Patrick McHardy
93
1.5%
Adrian Bunk
92
1.5%
FUJITA Tomonori
91
1.5%
Avi Kivity
72
1.2%
Andrew Morton
71
1.1%
Greg Kroah-Hartman
62
1.0%
Alan Cox
58
0.9%
David Brownell
56
0.9%
Jeff Garzik
55
0.9%
Christoph Hellwig
54
0.9%
Stephen Hemminger
53
0.9%
H. Peter Anvin
52
0.8%
Jesper Juhl
52
0.8%
By changed lines
Adrian Bunk
73254
11.0%
Jeff Garzik
43253
6.5%
Jens Axboe
28004
4.2%
Hirokazu Takata
20399
3.1%
Yoichi Yuasa
18368
2.8%
James Smart
15626
2.4%
Jeremy Fitzhardinge
15398
2.3%
David S. Miller
14752
2.2%
Matthew Wilcox
14750
2.2%
Christoph Hellwig
14550
2.2%
Rusty Russell
9452
1.4%
Imre Deak
8925
1.3%
Dan Williams
8510
1.3%
Ralf Baechle
8345
1.3%
Doug Thompson
7310
1.1%
Yoshihiro Shimoda
6981
1.1%
Marc St-Jean
6888
1.0%
Luca Olivetti
6540
1.0%
Cyrill Gorcunov
6371
1.0%
Latchesar Ionkov
5375
0.8%
Ingo Molnar comes out on top of the changesets column by virtue of getting
the CFS scheduler merged - then fixing it. Over half of his patches were
accepted after 2.6.23-rc1 came out. Ralf Baechle and Paul Mundt
both contributed many changes to architecture-specific trees, Trond
Myklebust did a lot of NFS work, and, while David Miller had a number of
networking patches, the bulk of his changesets were in the
architecture-specific (SPARC) trees. The figures on the "by changed lines"
side are dominated by code removals (as described above); Jens Axboe also
did a bunch of splice work and merged the "bsg" generic SCSI driver.
Hirokazu Takata did a bunch of m32r architecture work. James
Smart contributed a number of Fibre Channel changes and Jeremy Fitzhardinge
merged the core Xen code.
Once again, we have put some effort into associating patches with the
companies that supported this work, with the results shown below. These
results should always be taken as approximations; we believe that they are
essentially correct, but patches do not come with Paid-for-by: headers, so
a certain amount of guessing is always required.
Most active 2.6.23 employers
By changesets
(Unknown)
1180
19.0%
Red Hat
744
12.0%
(None)
559
9.0%
IBM
507
8.2%
Novell
421
6.8%
Intel
184
3.0%
Oracle
146
2.4%
Renesas Technology
134
2.2%
MIPS Technologies
119
1.9%
NetApp
116
1.9%
(Consultant)
103
1.7%
Google
99
1.6%
NTT
98
1.6%
Sony
93
1.5%
Astaro
93
1.5%
Linux Foundation
82
1.3%
MontaVista
81
1.3%
SGI
77
1.2%
Qumranet
72
1.2%
QLogic
62
1.0%
By lines changed
(Unknown)
111777
16.9%
(None)
99649
15.0%
Red Hat
84224
12.7%
IBM
39449
5.9%
Oracle
36205
5.5%
Renesas Technology
33152
5.0%
HP
18718
2.8%
Tripeaks
18567
2.8%
Novell
17990
2.7%
Emulex
15942
2.4%
XenSource
15426
2.3%
Intel
14962
2.3%
Sony
11945
1.8%
Analog Devices
10345
1.6%
rPath
9678
1.5%
MIPS Technologies
9171
1.4%
Solid Boot Ltd.
8937
1.3%
MontaVista
8065
1.2%
PMC-Sierra
6888
1.0%
Astaro
6687
1.0%
Red Hat retains its place at the top of the by-changesets list, though its
percentage of changes has dropped a bit. By lines changed, developers
known to be working on their own time (the "None" entry) beat out all
corporate contributors. It is worth noting that much of lines-changed
count for those developers is, in fact, lines removed.
Looking at who added Signed-off-by: lines to patches is interesting,
especially if one looks at signoffs added by people other than the author
of the patch. In this way, one gets an idea of who the gatekeepers are.
There is a slight change to how this calculation was done this time around:
if a patch carried signoffs from both Linus Torvalds and Andrew Morton,
Linus's was not counted. As a result of how the process works, everything
that goes through Andrew gets a signoff from Linus; not counting those
signoffs gives a more accurate picture of how the review was actually done.
Developers with the most signoffs (total 5653)
Andrew Morton
1247
21.6%
Linus Torvalds
397
6.9%
David S. Miller
381
6.6%
Greg Kroah-Hartman
329
5.7%
Jeff Garzik
287
5.0%
James Bottomley
264
4.6%
Paul Mackerras
223
3.9%
Mauro Carvalho Chehab
150
2.6%
Len Brown
128
2.2%
Ralf Baechle
122
2.1%
Roland Dreier
116
2.0%
Andi Kleen
113
2.0%
Russell King
101
1.8%
Jaroslav Kysela
100
1.7%
John W. Linville
70
1.2%
Tony Luck
65
1.1%
Takashi Iwai
63
1.1%
Jens Axboe
58
1.0%
Martin Schwidefsky
55
1.0%
Ingo Molnar
51
0.9%
One question which comes up sometimes is: how do these numbers look for
specific parts of the kernel tree? Your editor duly hacked on his scripts
to generate this sort of information. Here is a summary of the results -
using the employer by-changesets numbers:
Employer changeset contributions by subsystem
/arch (1428 total)
(Unknown)
222
15.5%
IBM
198
13.9%
Red Hat
128
9.0%
(None)
108
7.6%
Renesas Technology
101
7.1%
MIPS Technologies
89
6.2%
Sony
55
3.9%
Novell
46
3.2%
Intel
46
3.2%
rPath
42
2.9%
/block (103 total)
NTT
27
26.2%
Oracle
15
14.6%
(Unknown)
10
9.7%
IBM
8
7.8%
Red Hat
6
5.8%
(None)
5
4.9%
Miracle Linux
4
3.9%
Computer Consultants
3
2.9%
Novell
3
2.9%
Sony
3
2.9%
/Documentation (241 total)
(Unknown)
66
27.4%
Novell
27
11.2%
IBM
19
7.9%
Oracle
19
7.9%
(None)
18
7.5%
Intel
16
6.6%
Red Hat
13
5.4%
(Consultant)
6
2.5%
Freescale
5
2.1%
NEC
4
1.7%
/drivers (2762 total)
(Unknown)
572
20.7%
(None)
356
12.9%
Novell
237
8.6%
Red Hat
236
8.5%
IBM
191
6.9%
Intel
130
4.7%
(Consultant)
68
2.5%
NTT
65
2.4%
Qumranet
63
2.3%
QLogic
61
2.2%
/fs (622 total)
Red Hat
107
17.2%
Oracle
80
12.9%
NetApp
74
11.9%
(Unknown)
72
11.6%
Novell
63
10.1%
IBM
56
9.0%
Univ. of Michigan CITI
35
5.6%
SGI
26
4.2%
(Academia)
19
3.1%
SWsoft
17
2.7%
/kernel (938 total)
Red Hat
259
27.6%
(Unknown)
129
13.8%
IBM
119
12.7%
Renesas Technology
52
5.5%
(None)
44
4.7%
Novell
36
3.8%
MIPS Technologies
31
3.3%
Fujitsu
30
3.2%
Intel
28
3.0%
Linutronix
27
2.9%
/mm (261 total)
IBM
38
14.6%
(Unknown)
38
14.6%
Renesas Technology
33
12.6%
SGI
29
11.1%
Novell
24
9.2%
Google
19
7.3%
Red Hat
13
5.0%
(None)
10
3.8%
ARM
7
2.7%
igel
6
2.3%
/net (833 total)
(Unknown)
178
21.4%
Astaro
92
11.0%
Red Hat
87
10.4%
(None)
71
8.5%
IBM
53
6.4%
Linux Foundation
48
5.8%
NetApp
47
5.6%
Broadcom
23
2.8%
Intel
18
2.2%
HP
17
2.0%
From these numbers, one might conclude that Red Hat developers are strong
in the core kernel area, but they don't much like writing documentation.
There is a lot of "hobbyist" participation in the driver subtree - not a
particularly surprising result, since making a specific device work is a
common itch for developers to scratch. Academics like to play with
filesystems, as do, unsurprisingly, companies like Oracle and NetApp.
Beyond being approximate, all of the numbers shown above will change a bit
before the final 2.6.23 release, which is probably at least three weeks
away. The patches which will be merged in the coming weeks should all be
fixed, though, so the changes will, with any luck at all, be small. All
told, 2.6.23 shows an active kernel development community with
contributions from a large number of developers - and quite a few companies
which employ them. The kernel remains a vibrant and alive base on which to
build our free systems.
(Thanks are due to Greg Kroah-Hartman for his contributions to the scripts
used to generate these statistics).
The RPM Fusion Project was announced this
week. Three repositories, Dribble, Freshrpms and Livna will merge to provide Fedora and Red
Hat Enterprise Linux users with add-on software packages.
This will actually be separated into two repositories. One for free and
the other for non-free software (as defined by the Fedora Packaging
Guidelines). The free repository, presumably hosted outside the U.S., will
contain software that cannot be packaged by Fedora because of
U.S. restrictions (patents), but is considered free in other parts of the
world. The current
thought is that it should be possible for Fedora to link to this
repository from the main Fedora site, although I don't think that the Red
Hat legal department has had its final say.
The non-free repository will contain software that has "no commercial use"
restrictions or otherwise doesn't conform to anyone's definition of free
such as the the graphics drivers from Nvidia. It seems unlikely that a
link will be made from a main Fedora site to this non-free area, but a link
could be made from the free part of RPM Fusion.
RPM Fusion repositories will follow Fedora's packaging guidelines (except
for legal), Fedora's review process for new submissions, Fedora's VCS
structure, etc. to ensure compatibility with Fedora systems.
RPM Fusion will have competition from other projects. ATrpms.net has declined to join RPM Fusion.
Axel
Thimm wrote:
Over the last couple of months I had been involved in two projects, epel
and rpmfusion, that happened to also involve Thorsten. It turns out that
we make a very bad team to make an understatement. I don't like what epel
is turning to, and I also don't like what rpmfusion has stalled into.
My personal dream of getting all third party repos including not
only the ones that are still on this list, but also Dag, Dries, KB,
ccrma and centos+/sl+ slowly crumbled into ashes. Instead of a grand
merger we would simply achieve reducing N to M < N.
RPMforge.net is yet another somewhat
similar project. According to its manifest: "The
RPMforge.net project is an independent community-driven project to provide
the infrastructure and tools to allow users, developers and packagers to
meet and work together to provide and improve RPM packages." This
project provides an extensive list of RPM packages for Red
Hat, Fedora and Aurora systems.
For many users the RPM Fusion project will provide all the extra packages
they need. Other users will appreciate that they have a choice, other
places where their needs may be met. Some competition is rarely a bad
thing.
The Fedora
Electronic Laboratory is a new spin for Fedora; a live CD with KDE and
software for an electronic laboratory. The first development snapshot,
based on Fedora 8 Test 1, is available for testing.
Sun Microsystems has announced
the availability of an update for Solaris 10. "New for Solaris 10
8/07 is Solaris Containers for Linux Applications, enabling customers to
run existing Linux applications on x86 systems..."
The third beta of openSUSE 10.3 is available for testing. This is last
beta release before the RC phase. Click below to see what has changed
since beta 2, most annoying known bugs, what needs testing and how to get a
copy.
Debian Testing, the branch of Debian that will become the next stable
release, is making a small change in how users are notified of security
fixes. This post explains the three ways
security issues might be fixed and how only one way would lead to an
announcement. This is the first automatic
mailing that will provide an overview of the security issues that were
recently fixed in Debian Testing.
Click below for a recap of what was discussed at the Fedora Release
Engineering Meeting held September 10, 2007. Some topics include F8T2,
names for F8 and turning off packages for FC6.
The fedora-india
mailing list is now available for communication and collaboration
between a growing list of Indian contributors to the Fedora Project.
The Ubuntu Weekly Newsletter for September 8, 2007 covers new Ubuntu and
MOTU members, the Tribe 6 milestone, an Ubuntu get-together, the one year
anniversary of French UWN translations, and much more.
The DistroWatch
Weekly for September 10, 2007 is out. "Enthusiasm for Linux and
open source software is clearly growing; with last week's announcements
about Lenovo's preferred Linux distro poll and AMD's opening up its ATI
video drivers, things have never looked this exciting on the
Linux-supporting hardware front! But some questions remain: do we really
want every major PC manufacturer to support Ubuntu only? And will other
distributions be able to catch with the increasing dominance of Canonical's
operating system? Read more in our editorial. In the news section, openSUSE
shows faith in KDE 4.0, Puppy Linux launches a major upgrade, and StartCom
announces a new release of its workstation for audio enthusiasts. Finally,
if you live in or near Toronto, don't miss the upcoming Linux conference
called Ontario Linux Fest."
DesktopLinux looks
at the upcoming release of MEPIS 7. "MEPIS has released Beta3 of
SimplyMEPIS 7.0, its full-featured Debian-based Linux, and Beta 2 of MEPIS
AntiX (pronounced "Antics"), which is designed to run on very old 32-bit PC
hardware. MEPIS 7, unlike Ubuntu-based MEPIS 6.5, is built on Debian
4.0. This beta boasts kernel version 2.6.22.5 which contains minor patches
from the Kernel Development Team as its heart."
TuxMachines has a progress
report on openSUSE 10.3. "Welp, we're in the homestretch
now. Beta 3 of openSUSE 10.3 was released a few days ago, and with only one
more developmental release before final, we were hoping things were
starting to shape up. This release doesn't bring too many surprises or any
new eye candy, but most subsystems are stablizing. With 587 MB of changes,
developers are homing in on their goal."
TuxMachines takes a
look at Kanotix 2007 beta. "The last Kanotix release (based on
Debian Sid), KANOTIX-2006-01-RC4, came out in October, 2006. Shortly
thereafter, a Kanotix co-developer (and many of Kanotix's other developers)
left the project and founded their own, mainly due to a disagreement over
whether Kanotix should be based on Sid (Debian's unstable branch) or
something less volatile, like Etch (Debian's current stable branch) or
Ubuntu. Kanotix's founder, Jörg Schirottke (aka Kano), now has a new,
Etch-based version of Kanotix in development, code-named
"Thorhammer.""
Phil Harvey's
ExifTool
utility is a cross-platform Perl-based application that can be used
to inspect and modify
Exchangeable image file format (Exif) metadata from digital images:
ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in image, audio and video files. ExifTool supports many different types of metadata including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3, as well as the maker notes of many digital cameras by Canon, Casio, FujiFilm, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Ricoh, Sanyo, Sigma/Foveon and Sony.
Exiftool has a long list of
features, these include reading and modifying data from a large
number of digital cameras, support for a long list of image
filetypes, operation on single files and directory trees of files
and much more. A huge number of metadata
tag names are supported.
Installation of ExifTool on a Ubuntu 7.04 system involved the
trivial step of selecting the libimage-exiftool-perl package in the
synaptic package management application and selecting "install".
The perl-doc package was
also added to support the application's online documentation.
ExifTool was run on a test image, the
example output
shows the large amount of image metadata produced by a modern
digital camera (Nikon Coolpix S10). Lots of useful information
was found, such as the image resolution, creation date/time
and camera exposure settings for the particular image.
Your author experimented a bit with changing some fields in
his test image. Changing a writable field was as simple as typing:
exiftool -Comment="new comment" DSCN0432.JPG on the command
line, but some difficulty was found with modifying multi-word field
names, specifically "User Comment". The documentation was
consulted and the command
exiftool -listw DSCN0432.JPG was run, showing a long list
of writable field names.
A discrepancy involving inter-word whitespace was found between
the displayed field names and those that need to be entered on the
command line. The online manual could be a bit more clear on this point.
Still, no luck was had changing the "User Comment" field.
The problem was finally resolved by using the -m flag to ignore
"minor errors" such as "Bad NikonPreview directory", which showed up
when examining images from this particular camera. Running
exiftool -m -UserComment="new user comment" DSCN0432.JPG
finally produced the desired change to the image metadata.
The project's
version history notes the recent release of version 6.96,
which adds support for a number of camera manufacturers' subfields
and fixes some bugs. The software is available for download from the
ExifTool
project page, or older versions may be installed from your favorite
distribution's package repository. ExifTool has been released under the
same licensing terms
as the Perl language.
If you need to examine or modify Exif data from digital images,
ExifTool is a powerful tool that can get the job done.
Version 2.0.3 RC 1 of the Firebird DBMS has been
announced.
"This sub-release introduces a number of bug fixes done since the v.2.0.1 release in March and a couple of important fixes to the withdrawn v.2.0.2. It does not add any new functionality to the database engine."
Samba version 3.0.26a has been announced.
"This is a bug fix release of the Samba 3.0.26 code base and
is the version that servers should be run for for all current
Samba 3.0 bug fixes." See the
download site for more details.
Version 1.1 final of NagVis has been
announced.
"NagVis is a visualization addon for the well known network managment system Nagios. NagVis can be used to visualize Nagios Data, e.g. to display IT processes like a mail system or a network infrastructure.
There were many, many improvements since NagVis 1.0. We highly recommend to update to version 1.1."
Version 1.19.0 of PIKT, the Problem Informant/Killer Tool,
is out with new features, improved documentation and bug fixes.
"PIKT is cross-categorical, multi-purpose software for monitoring and
configuring computer systems, administering networks, organizing system
security, and much more.
PIKT is intended primarily for system monitoring, and secondarily for
configuration management, but its versatility and extensibility evoke many
other wide-ranging uses."
Three new versions of the Apache web server, 2.2.6, 2.0.61 and 1.3.39,
have been announced. The older versions feature bug and security fixes and:
"Apache 2.2 offers numerous enhancements, improvements, and
performance boosts over the 2.0 codebase."
Version 1.4.18 of lighttpd, a
light weight web server, has been announced.
"So here we are again. The previous release is already 12 days old! It already got grey hair.
And again we have a small security bug! It seems, if you get the more popular, more people are looking at your code. This time Mattias Bengtsson and Philip Olausson from secweb.se took a look at the code. They found a small bug that could lead to remote code execution in fastcgi applications."
Version 2.05 (maintenance release) of Zenoss Core has been
announced.
"Zenoss Core is an enterprise network and systems management application written in Python/Zope. Zenoss provides an integrated product for monitoring availability, performance, events and configuration across layers and across platforms."
Tim Blechmann has released several audio filters as LADSPA plugins:
"i just releases some filters as ladspa plugins, that i originally wrote
for nova, so that they can easily be used from any ladspa-aware
application."
Librepos 0.0.23
is out with a number of new capabilities.
"Librepos is a point of sale application designed for touch screens, supports ESC/POS ticket printers, customer displays and barcode scanners. It is multiuser and has a great backoffice with a product entry form, reports and charts.
A lot of progress has been made since the previous release and there will be more progress the next release. A discussion in the forums explaining in detail the features included this release will start soon."
Version 0.9.6 of opentaps has been
announced, it features bug fixes.
"opentaps is a Java open source ERP and CRM suite based on the Apache OFBIZ framework and includes capabilities for ecommerce, product catalog, warehouse management, manufacturing, financial management and accounting, customer relationship management, sales force automation, marketing management, and data integration. It is compatible with all major databases, including MySQL, PostgreSQL, MS SQL Server, and Oracle and can be deployed on Linux or Windows."
Version 1.3.0 of Sailcut CAD has been
announced.
"Sailcut CAD is a sail design and plotting software. It allows you to design and visualise your own sail and compute the accurate development of all panels in flat sheets.
The Sailcut CAD project is pleased to announce release 1.3.0 of its sail plotting package. This release is the result of nearly a year of development and it contains both bug fixes and
a number of new features which users requested."
Version 2.19.92 of the GNOME desktop environment has been announced.
"This is our ninth development release and first release candidate for
GNOME 2.20.0, which will be released later this month. This release is
the last before hard code freeze starts on september 10th. Please test
this as much as you can and file bugs in http://bugzilla.gnome.org/ if
you want them fixed before the final release."
Version 2.19.92 of GARNOME, the bleeding edge GNOME distribution, is out.
"We are pleased to announce the release of GARNOME 2.19.92 Desktop and
Developer Platform. This release includes all of GNOME 2.19.92 plus a
bunch of updates that were released after the GNOME freeze date.
This is the last release in the unstable cycle, with nothing but fixes
added. It is for anyone who wants to get his hands dirty on the
development branch, or who'd like to get a peek at future features."
The beta 2 release of version 4.0 of the K Desktop Environment (KDE),
codenamed Cartoffel, has been
announced.
"This release marks the beginning of the feature freeze and the stabilization of the current codebase. Simultaneously the KOffice developers have released their third Alpha release, marking significant improvements in this innovative office suite. Both KDE and KOffice have benefited from the Google Summer of Code, as most resulting code has now been merged.
Since the libraries were frozen with the first Beta, KDE developers have been adding features and functionality to their applications. Now it is time to start polishing these features; writing and translating documentation, improving the usability, and completing the artwork."
The KDE 4.0.0 release schedule has been updated, KDE 4.0.0 should come out
on October 30.
"We, The Release Team, hereby announce that we are accelerating the
KDE 4.0.0 schedule 2 weeks by removing 1 Beta and slightly
extending the Release Candidate cycle.
Additionally, we are introducing a new "KDE Development Platform"
release to occur in late October. These release will contain all the bits
and pieces necessary to develop KDE4 applications; meaning it will
include kdesupport, kdelibs, kdepimlibs and kdebase/runtime."
The September 9, 2007 edition of the
KDE Commit-Digest
has been announced:
"In this week's KDE Commit-Digest: Colour Picker and Welcome applets appear for Plasma. Many bugs fixed, especially through the merge of the Summer of Code project "KRDC Revamp". A KPart created, amongst other improvements in Marble. Support for XESAM UserLanguage queries in Strigi. More work, especially in playlist handling, for Amarok 2.0. Improved search interface in KSystemLog. A return to work on KRecipes. KVocTrain is renamed Parley. Restart of development on a successor to the Eigen math library, Eigen2..."
Release 7.3 of the X window system is out.
"The X11R7.3 release incorporates the 1.4 version of the X.Org X Server, which
is most notable for the addition of input hotplugging support, with device
detection managed either through HAL or a dbus-connected manager.
Also new in the X Server since X11R7.2 is the 1.2 version of the RandR
extension, which allows for runtime configuration of outputs within X Screens
and an improved static configuration system for multihead in a RandR 1.2
environment.
This release also rolls in a new driver, xf86-video-vermilion, and re-adds
the xf86-video-glide driver which had been present in the monolithic releases.
The xbacklight command-line tool is also added for configuring backlight
properties through RandR 1.2. Other modules have also gone through the usual
host of updates and bugfixes as well."
Stable version 1.2.0-20070902 of gEDA/gaf, a collection of electronic
design tools, has been
announced.
"This release rolls up the changes from the last 2
months of development. Many thanks to everybody involved."
Version 1.4.4 of Robocode
is out with bug fixes.
"Robocode is a Java programming game, where the goal is to develop a robot battle tank to battle against other tanks. The robot battles are running in real-time and on-screen. The motto of Robocode is: Build the best, destroy the rest!"
Build 11 of Widelands, a cross-platform game that was inspired by
Bluebyte's Settlers II, has been
announced.
"Build-11 represents a huge leap forward for Widelands, with many new features and a large number of improvements to gameplay. Among the new features are fog of war, autosaves, replays of entire games and a new campaign interface."
Version 2.8.5 of wxWidgets
has been announced, it feature bug fixes.
"wxWidgets is a mature, open source, cross-platform application framework for C++ and other languages."
Version 0.7.0.1 of the
Chandler Desktop Project
has been announced, it features many new capabilities.
"Chandler Desktop is an open source, standards-based personal information
manager (PIM) built around small group collaboration and a core set of
information management workflows modeled on Inbox usage patterns and
David Allen's GTD methodology."
Geotag 0.011 has been
announced. Geotag is:
"A platform independent program to geotag images (use GPS data to store location information with the image). Uses external maps to fine-tune locations.
New in this version:
Added support for the following RAW file formats:
ARW, DCR, RAF, SR2, SRF, X3F. Exiftool can only read those files,
so locations are automatically stored in XMP sidecar files."
The GCC 4.2.2 status report has been published.
"The GCC 4.2.1 release was July 18, so our target for a 4.2.2 release is
September 18th. I plan to build RC1 this Sunday, September 9. If all
goes well, we'll have 4.2.2 out around the 18th; if not, we'll delay a
bit from there.
One critical issue: has GCC 4.2.x been fully converted to GPLv3, at this
point? If not, we'll have to wait until that is done before we can
release, per the FSF's instructions."
The GCC 4.3.0 status report has been published.
"We are closing in on Stage 3, previously announced for September 10th.
At this point, I'm not aware of any reason to delay that date. Are
there any Stage 2 patches that people don't think will be submitted by
that point?
Are there Stage 1 or Stage 2 patches in need of review? I'll do my best
to either (a) convince someone to review them, or (b) review them myself."
Anthony Green
interviews Tom Tromey.
"Tom Tromey is making some interesting changes to GCC. I interviewed him via email to learn more...
green: You recently started a project to turn GCC into an "incremental compiler". What will be "incremental" about it?
tromey: When recompiling, GCC won't redo all the work of compiling a file. Instead, it will only recompile the parts that have changed.
For this to work well, we'll also eventually need an incremental linker. Luckily there are some new linkers on the horizon which should help.
Down the road I'd like to look at exploiting the server code (the incremental compiler runs as a server) to provide "IDE assist" -- indexing and the like."
Brian Suda
discusses HTML microformats on O'Reilly's XML.com.
"Microformats are a way to embed specific semantic data into the HTML that we use today. One of the first questions an XML guru might ask is "Why use HTML when XML lets you create the same semantics?" I won't go into all the reasons XML might be a better or worse choice for encoding data or why microformats have chosen to use HTML as their encoding base. This article will focus more on how to extract microformats data from the HTML, how the basic parsing rules work, and how they differ from XML."
Version 3.5.0 of EJBCA has been
announced.
"EJBCA is an enterprise class Certificate Authority using J2EE technology. EJBCA builds on the J2EE platform to create a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in any J2EE app.
We are proud to announce EJBCA 3.5.0, with enhanced features all over, both enterprise class stuff, and simpler stuff.
This is a major release with many new interesting features and framework improvements."
Free Pascal 2.2.0, a release over two years in the making, is now
available. Improvements include the addition of the PowerPC architecture,
better debugging support, implementation of more language features, and
more.
Stable version 2.2.1 of Anjuta DevStudio, an Integrated Development
Environment (IDE) for GNOME, has been
announced.
"Anjuta 2.2.1 is follow up bugfix release to stable 2.2.x (Hurricane) series. It fixes several important crash bugs and improves stability."
Version 1.3.9 of Pydev
is available with new features and bug fixes. Pydev is: a
"Python Development Environment (Python IDE plugin for Eclipse). Features editor, code completion, refactoring, outline view, debugger, and other goodies".
As should probably be obvious to anyone who thinks about it, Tor (aka The Onion Router) exit nodes can
see unencrypted traffic sent through that network. A Swedish security
researcher signed up five servers as exit nodes and analyzed the the
traffic that passed through them. Wired has coverage
of the kinds of information he was able to see. "Victims of
Egerstad's research project included embassies belonging to Australia,
Japan, Iran, India and Russia. Egerstad also found accounts belonging to
the foreign ministry of Iran, the United Kingdom's visa office in Nepal and
the Defence Research and Development Organization in India's Ministry of
Defence."
Linux-Watch
covers
Red Hat's latest business deals.
"Red Hat is continuing to land big, fat contracts for its Red Hat Enterprise Linux server. This week saw major deals with the French Ministry for Education and the Swedish Association of the Pharmaceutical Industry.
In the first deal, the French Ministry for Education migrated 2,500 servers across its 30 local education authorities to RHEL. This decision was in line with the Ministry's strategy to invest in open-source solutions to free itself from proprietary software and vendor lock-in."
LinuxWorld interviews Richard Stallman, covering mostly familiar ground. "I wrote the GNU GPL to defend freedom for all users of all versions of a program. I developed version 3 to do that job better and protect against new threats.
[Linus] Torvalds says he rejects this goal; that's probably why he doesn't appreciate GPL version 3. I respect his right to express his views, even though I think they are foolish. However, if you don't want to lose your freedom, you had better not follow him."
This article from O'Reilly's Women in Technology series looks
at Python as a female friendly programming language. "Studies
have shown that women tend to have low self-efficacy, to underrate their
ability with computers, and even to view CS as more difficult than surgery!
To combat this, we need to incorporate programming earlier and more
extensively in middle school and high school curricula, using a language
such as Python. Most programming languages require a great amount of
abstract or technical detail and knowledge to do even the simplest
tasks. Python strips away the cruft and allows you to program the way you
think. A task you could assign a second grader, such as "print 'hello
world'," is just as simple as it sounds when you use Python."
Bruce Byfield works with
web cameras on Linux.com.
"If you want the old-time GNU/Linux experience, try configuring a Web camera. Unlike most peripherals, webcams are generally not configured during installation. Moreover, where printers have the Common Unix Printing System (CUPS) and its interfaces, with webcams you are generally thrown back on whatever resources you can find on the Internet and your own knowledge of kernel modules and drivers. These obstacles means that configuring webcams can be a challenge -- but with determination and thoroughness, and maybe a little luck, you can get your webcam running in less than an afternoon.
The best scenario for configuring a webcam is when you buy an external one."
LinuxDevices covers a
successor to the Linux-based NSLU2 (aka "SLUG"). "As delivered out
of the box, the NAS200 appears to be a very simple consumer device aimed at
Windows PC users, or at least users with SMB-based networks. However, a
nicely organized source code tree and a system-on-chip processor executing
applications built for the 486 architecture could ultimately make the
NAS200 even more popular with hackers than the NSLU2, for which multiple
alternative firmware builds have cropped up."
iTWire has an overview of Snort,
the free intrusion detection system (IDS). "Snort's third
operating mode – network intrusion detection – is when the
magic happens. Here, Snort actually pays attention to the network traffic
passing its electronic eyes and matches what it sees according to a
database of updatable signatures as well as any custom user-defined
rules. In this mode, Snort does for networks what anti-virus tools do for
filesystems."
Linux Journal takes a
look at the Trolltech Greenphone SDK. "Trolltech recently
released many smartphone developers' dream combination-the Linux-based
Greenphone and its open-source Qtopia Phone SDK. The Trolltech Greenphone
is a full-featured tri-band GSM (900/1800/1900MHz) mobile phone with a
built-in 1.3 megapixel camera. Like many other modern smartphones, it
features a QVGA touchscreen, Bluetooth, client USB, mini-SD Flash and
stereo audio connectors."
Lauren Wood talks
about standards in this O'ReillyNet Women in Technology article.
"Standards have been an important part of my career for some years
now. I've served on--and chaired--technical committees in a number of
industry consortia (W3C, OASIS, IETF, and Liberty Alliance). Standards are
important in technology: using them brings benefits to go along with the
costs, even though, as the old cliché says, "The good thing about
standards is there are so many from which to choose.""
Apache Software Foundation has
announced the second year of LDAP certification for the
Apache Software Foundation's Directory Project.
"The Apache
Software Foundation's (ASF) Directory Project today announced its continued
certification to the Lightweight Directory Access Protocol (LDAP) product
standard as defined by The Open Group. The Apache Directory Server 1.0
(ApacheDS) is the first and, currently, only Open Source LDAP server
among several certified commercial directory solutions."
Electronic Frontier Foundation has announced the hiring of Jennifer
Stisa Granick as its Civil Liberties Director.
"Noted computer crime attorney Jennifer
Stisa Granick has joined the Electronic Frontier Foundation
(EFF) as its new Civil Liberties Director, working on
government surveillance, Fourth Amendment, computer
security, and computer crime law.
Granick previously was Executive Director at Stanford Law
School's Center for Internet and Society as well as
Director of the Cyberlaw Clinic."
OpenOffice.org has announced that IBM has
joined the community and plans to assist in the development of the office software.
"IBM will be making initial code contributions that it has been developing as part of its Lotus Notes product, including accessibility enhancements, and will be making ongoing contributions to the feature richness and code quality of OpenOffice.org. Besides working with the community on the free productivity suite's software, IBM will also leverage OpenOffice.org technology in its products."
Mandriva has announced the launch of Mandriva Australia.
"The Australian Market is ready for Linux expansion: about 50% of
servers in Australia currently operate on Linux. The huge growth of
Linux in China will in the near future give great impetus to the
availability of Linux-based hardware and drivers for Australia. For
this partnership, Mandriva has selected ArnSys Pty Ldt for its
expertise".
Microsoft Corp. has
announced the launch of Silverlight(TM) 1.0, a cross-browser,
cross-platform plug-in that aims to compete with Adobe's Flash.
"In addition, Microsoft will work with Novell Inc. to deliver Silverlight
support for Linux, called Moonlight, and based on the project started on
mono-project.com.
Silverlight significantly reduces development and deployment costs and
provides enhanced Web audio and video streaming and playback using
industry-leading Windows Media(R) Technologies."
The Microsoft/Novell deal rolls forward with this announcement of the opening of a shared "interoperability lab". "Located in Cambridge, the 2,500-square-foot lab and workspace will be
home to a combined team of the best and brightest Microsoft and Novell
engineers focused on making Windows Server and SUSE Linux Enterprise work
better together. The first priority for the lab team will be to ensure
interoperability between Microsoft and Novell virtualization technologies.
Additional work will include standards-based systems management, identity
federation and compatibility of office document formats."
The OpenMoko wiki has an
updated schedule that shows the phones reaching customers by 25
December. There is also more information about the new hardware (WiFi,
faster processor, accelerometers, and more). "We will sell this
device through multiple channels. Direct from openmoko.com, the price will
be $450 for the Neo Base and $600 for Neo Advanced."
It would seem that QNX is feeling the pressure from Linux; the company has just announced that it will be making the source for its "Neutrino" realtime operating system available under a "hybrid" license. "Not only can developers view the QNX Neutrino source code, but they can
improve, modify, or extend that code for their own purposes or for the QNX
community at large. They can then choose to offer back those changes to QNX
Software Systems and the QNX development community or to keep their
modifications private and proprietary." What they can't do is deploy the code commercially without paying royalties.
RedPost inc. has launched Corktop, a networked digital signage application
that runs under Linux.
"Eric Kanagy, CEO, founded the company after discovering that digital
signage is far too expensive and complicated. "Until now, places like
Times Square have dominated digital signage -- you can spend millions
of dollars on signage when you have a million people walking by every
week. The local shoe store, coffee shop or bar can't afford a Times
Square digital sign. Corktop is the beginning of a paradigm shift --
digital signage will be accessible to everyone.""
Sun has announced the acquisition of Cluster File Systems. "Sun intends to add support for the Solaris Operating
System (Solaris OS) on Lustre and plans to continue enhancing Lustre on
Linux and Solaris OS across multi vendor hardware platforms."
ThalesRaytheonSystems has
announced the winning of a $25.6 million contract with the
US Air Force to upgrade the NORAD Battle Control System-Fixed (BCS-F),
which controls the North American airspace.
"Having common software and a common human-machine interface between
the fixed and mobile communities will reduce development, testing, and
training costs for the Air Force," said Daniel De Sollar, director of
ThalesRaytheonSystems Air C2 Systems in the U.S. "The upgrades will not
only ensure a common look and feel between today's BCS-F and the mobile
command and control variant, but they will also convert to the Linux
operating system in order to take advantage of the latest hardware
available."
VMware, Inc. has announced
that it has released a majority of VMware Tools as open source software as
part of the project Open Virtual Machine Tools. Open Virtual Machine Tools
(open-vm-tools) is hosted at Sourceforge.
No Starch Press has published the book The LEGO MINDSTORM NXT Idea Book by Martijn Boogaarts, Jonathan A. Daudelin, Brian L. Davis,
Jim Kelly, David Levy, Lou Morris, Fay Rhodes, Rick Rhodes, Matthias Paul Scholz, Christopher R. Smith and Rob Torok.
Les Trophées du
Libre is a contest to reward innovative free software in six different
categories: Security, Games/Multimedia, Education, Scientific software,
Public sector software and Enterprise software. Register your project
before October 1, 2007. Nominees will be announced on November 1, 2007 and
the final deliberation of the jury and the award of prizes will take place
on November 29, 2007 in Soissons, France.
An embedded Linux mini-conference is being announced for linux.conf.au, which is being held in Melbourne, Australia in January of 2008. The focus of the mini-conference is the diversity of embedded Linux devices. A call for papers for the event is also part of the announcement. Click below for more information.
A worldwide Django sprint has been
announced.
"On Friday, Sept. 14, 2007, we're going to hold a worldwide Django sprint -- an excuse for people to focus their undivided attention for a full day (or two) on improving Django.
We've got a bunch of features that are almost done but haven't yet been committed/merged -- including newforms-admin, ORM aggregate support, multi-DB support and GeoDjango. Plus, we've got almost 1,000 open tickets in our ticket system. We plan to devote at least 24 hours of focused work to get some of this done in an organized fashion, and also to encourage new people to contribute. If all goes well on Friday, we'll probably continue to Saturday."
The speaker line up for
hack.lu 2007
has been announced, the event will take place in
Luxembourg on October 18-20, 2007.
"We managed again to have speakers from all over the world
coming to Luxembourg, the small country in Europe. There is a large
diversity of interesting topics covered during the three days of this
intimate security conference."
KDE.News has announced
a polishing event for
KDE-EDU, The KDE Education Project.
"This Saturday (15.09.) will see the first KDE-EDU 4.0 Polishing Day. The aim is to allow direct communication between users and developers. Issues, doubts and new ideas can be discussed, solved and coded in real time. For this purpose, a meeting will be held in #kde-polishing from 8:00 to 15:00 UTC. KHangMan, KGeography and blinKen will be this first meetings subjects."
The Linux Foundation has announced a pair of legal summits, to be held in
October and sometime in the (northern hemisphere) spring. "At this
invitation-only Summit, members will focus on the issues of greatest common
interest with regards to open standards and licensing. Presentations and
working sessions will focus on building a legal defense infrastructure for
Linux and evolving intellectual property rights policies optimized to
support open development models."
Sun Microsystems, Inc. has
announced the Sun Tech Days.
"Sun Microsystems, Inc., today announced the details of the Sun
Tech Days worldwide developer conferences for 2007-2008. This year marks
the 10th anniversary of the Sun Tech Days program -- a 15 city world tour
designed to educate developers in local markets. Based on feedback from
developers around the world, the Sun Tech Days program has been expanded to
include content on Ajax and Web 2.0 related frameworks and toolkits,
application performance tuning, JRuby, and building rich Web applications
with jMaki and JavaFX Script.
![[Linus Torvalds]](/images/conf/lce2007/lt-sm.jpg)
The 2007 version of the Linux Kernel Developers' Summit was held on
September 5 and 6 in Cambridge, UK. Approximately 80 developers
at this invitation-only event held discussions on a wide variety of topics
covering all aspects of kernel development. As usual, LWN editor Jonathan
Corbet was there. Reports from the sessions will appear below as they are
written.
![[Arjan van de Ven]](/images/conf/lce2007/arjan-sm.jpg)
![[Matthew Garrett]](/images/conf/lce2007/mgarrett-sm.jpg)
![[Jörn Engel]](/images/conf/lce2007/jengel-sm.jpg)
Jörn Engel gave a talk on the death of hard disks. His core point is
that flash-based storage is faster, requires less power, makes less noise,
and is more robust than rotating storage. It is also more expensive, for
now, but flash is getting cheaper much more quickly. Jörn projects
that flash-based drives will become more economical than hard drives
between 2012 and 2019, depending on which drives one looks at.
![[Chris Mason]](/images/conf/lce2007/cmason-sm.jpg)
![[Seek counts plot]](/images/conf/lce2007/seek-counts.png)
![[Summit group photo]](/images/conf/lce2007/SummitGroup500.jpg)