LWN.net Weekly Edition for November 26, 2003

Examining an attack on the GPL

On November 21, a law firm called Wolf, Greenfield & Sacks, P.C saw fit to issue a press release on the evils of the GPL. By the reckoning of Steve Henry, a "senior intellectual property lawyer" with the firm, the GPL is indeed scary:

This "time bomb" lurks because a popular license for open source, the GNU General Public License, (GPL) is "viral." The license attaches to any product with GPL-licensed code, including a derivative work, he said. The entire software package becomes open source and the company thus must distribute it freely and let anyone copy it. A widely used open-source utility, for instance, could "infect" hundreds of software products and destroy their commercial value.

We found this reading of the GPL to be interesting, so we asked Mr. Henry to explain his reasoning a bit. We thank him for getting back to us; for the curious, we have put his full response on a separate page. We'll just look at the core of his claims here. What Mr. Henry tells us is:

Those who portray the GPL as an entirely innocent and voluntary instrument take a simplistic view of the GPL itself as well as of both copyright law and contract law. They often project onto others the benevolent behaviors and actions they attribute to themselves. The problem is that others are not always so benevolent and if the GPL is an enforceable contract, then it may not only be enforceable by the licensor, but also by third-party beneficiaries (under at least some conditions).

So, if you see the GPL as a contract, those who have received GPL-licensed software can enforce that contract's provisions against you. How could that be a problem? According to Mr. Henry:

So, if a company downloads a GPL product, and incorporates it into the company's product in such a way that the company's product is considered a "derived" work or a work "containing" the downloaded code, not only is the company obligated to use the GPL to distribute its product, but also it is obligated not to charge. And its licensees automatically receive a license under GPL terms for the original code. If the company uses a different license (a) it could be liable for copyright infringement, (b) it could be liable for breach of contract, and (c) it could be subject to a court order for "specific enforcement" of the GPL obligation to distribute the derivative work under the GPL. The licensor of the downloaded code could enforce the GPL, as might a licensee of the company (as a third-party beneficiary).

Mr. Henry's point (a) is not controversial; if you use copyrighted work in violation of the license that applies to that work, you are infringing the copyright. There is nothing unique to the GPL there. Point (c) is the crux of the matter: Mr. Henry claims that, if you distribute a product containing GPL-licensed code, anybody receiving that code could sue to have your proprietary code relicensed. The fact that nobody has ever attempted to do this is irrelevant by this analysis; in the future somebody could make a try at it.

One could argue that, even if this reasoning holds, there is no real problem here. If a company does not wish to abide by the terms of the GPL, it should simply avoid incorporating GPL-licensed code into its products. Once again, the GPL does not differ from any other software license in this regard: if you do not like the license, nobody forces you to use the code. But the fact is that, by this argument, GPL-licensed code is more actively dangerous than other code. If you get caught using somebody's proprietary code, all you have to do is settle the copyright infringement claims and get on with life. With GPL-licensed code, you still have the infringement issue, but you could also be forced to give your proprietary products away. That would be a heavy price for a company to pay just because one of its employees slips some GPL-licensed code into its product.

But does this reasoning hold water? We dropped a note to FSF counsel Eben Moglen to get his opinion on Mr. Henry's argument. His response was:

So far as "specific performance" is concerned, there is *no* legal support for the claim. "Specific performance" is the name of a contract remedy; the GPL is not a contract. In the event of copyright infringement the relevant possible remedies are: (1) damages, actual or statutory; and (2) an injunction to prohibit infringing distribution.

If the GPL is not a contract, what is it? If you look at §106 of the U.S. copyright code, it states:

Subject to sections 107 through 121, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following: (1) to reproduce the copyrighted work in copies or phonorecords; (2) to prepare derivative works based upon the copyrighted work; ...

One of the rights given to copyright holders is to authorize others to create copies and derivative works. The GPL is that authorization: you have the right to create certain kinds of copies and derived products from GPL-licensed code. You have not signed a contract with the copyright holder, and you have not paid any sort of consideration, which is a required part of any legal contract. So you, as the recipient of GPL-licensed code, do not have any contract rights against those who distributed that code to you. Even the copyright holder lacks such rights, though the holder does have the right to claim infringement if the provisions of the GPL are not followed.

Mr. Moglen concluded with: "This talk about 'incorporating' GPL'd code in a product leading to forcing the rest of the product open is scare-mongering." We are inclined to agree. Anybody who is truly concerned about such issues, however, should discuss it with their own lawyer rather than taking our word for it.

Lawyers in charge

Anybody following the SCO Group story is aware that, in the last couple of weeks, the company has issued a new set of threats. Among other things, SCO claims that it will, soon, file suit against at least one Linux user. It is tempting to disregard these threats as just more bluster coming out of the company. Threats against other Unix vendors have failed to come to pass, the deadline for the company's "half-price Linux License" promotion continues to recede, the flood of invoices they promised us never appeared, etc. Why should things be different this time? When the weakness of SCO's case is considered, along with the fact that a copyright suit would require a rather more straightforward unveiling of the company's evidence, more lawsuits may seem unlikely.

There is, however, a recent Gartner Group pronouncement which is relevant here:

SCO has declared in filings with the U.S. Securities and Exchange Commission that its competitive position could decline if the company can't obtain additional financing. The latest share issue will dilute shareholders' investments about 3.5 percent. It comes on top of a previously announced arrangement giving Boies, Schiller & Flexner a 20-percent share in SCO if the company were sold. SCO also received an investment of $50 million from BayStar Capital in return for 17.5 percent of outstanding shares. We believe that these moves compromise SCO's mission as a software company. Increasingly, the legal and financial aspects of the intellectual property infringement cases will absorb the company's attention, and a law firm will be in an increasingly powerful position to set the overall agenda for its compensation. Therefore, SCO will likely pursue claims against Linux users quickly.

Of course, one could rephrase the above more succinctly: the company has no revenue stream and the lawyers are running the show. SCO has no real alternatives to income from litigation at this point, and its lawyers have nothing to lose from filing more lawsuits. Gartner could be right: SCO might indeed try to open up more legal fronts in the near future. If the company chooses its targets carefully, it might just succeed in finding one that will decide to settle rather than get involved in a long intellectual property case.

Or so SCO management must hope. At this point, however, there is enough information about the company's claims out there that any SCO target which takes the time to research the situation may well turn out to be less of a pushover than SCO might wish. In fact, as SCO carries out its search for the softest targets, chances are good it will pass over any company which makes it clear that it will fight back. Potential recipients of SCO licensing claims would do well to bear that in mind.

The CAN-SPAM bill examined

November 25, 2003

This article was contributed by Joe 'Zonker' Brockmeier.

The U.S. House of Representatives passed a version of the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" on Saturday. Commonly referred to as the "CAN-SPAM" bill, the House version is very similar to the bill passed by the Senate in October. This makes it likely (but not certain) that the U.S. will soon have a national law governing unsolicited commercial e-mail (UCE) -- better known as "spam" (or any number of less polite terms) by the rest of us.

Very few outside of the Washington beltway or the Direct Marketing Association (DMA) seem convinced that the CAN-SPAM bill is going to put a halt to spam. A number of people, including several state Attorneys General, have argued that CAN-SPAM will make matters worse, rather than better. There is a fair amount of evidence to support this opinion.

The CAN-SPAM bill actually has the effect of legitimizing spam so long as it is non-fraudulent and provides the recipient with a means to "opt-out" of future e-mails. This is a big win for the DMA, and a major loss for the rest of us. Having to opt-out of receiving spam from each and every "legitimate" source of spam is a burden that should not be placed on the user. Given that there are thousands of legitimate businesses that will seek to make use of e-mail marketing, users are going to be doing a lot of opting out.

What about a "do-not-spam" list? The CAN-SPAM Act does contain a provision to create a national "do-not-spam" list. This can only be seen as a tactical error of gargantuan proportions. While a "do-not-call" list may succeed in reducing or eliminating unwanted telemarketing calls, spammers operating beyond U.S. borders are unlikely to be deterred by the CAN-SPAM provisions. Indeed, getting a copy of the "do-not-spam" list will likely be a high priority for offshore spammers looking for a roster of known-good e-mail addresses. Users who place their e-mail addresses on a "do-not-spam" list may avoid spam from legitimate businesses, but will still find themselves subjected to unwanted e-mail from offshore spammers. Happily, the CAN-SPAM bill does not require the Federal Trade Commission to create a "do-not-spam" list; it only permits the creation of such a list. Given that the FTC has objected to this provision, implementation seems unlikely.

Even worse, the bill overrides state legislation that may be more stringent than the CAN-SPAM bill. This is presented as a solution to the difficulty "law-abiding businesses" face in complying with anti-spam laws, but complying with multiple state laws is a cost of doing business. This should not be an excuse to shift the burden to users and organizations rather than businesses seeking to advertise their goods or services. By overriding state laws that require "opt-in" rather than "opt-out," the CAN-SPAM Act gives merchants free rein to send unwanted spam, at least until the user asks to be left alone. While one may argue that any laws against spam are unlikely to be effective, at least laws like those passed in California are stacked in favor of the user rather than the spammers.

Some have claimed that the CAN-SPAM Act may make anonymous e-mails illegal altogether. John Gilmore argues that the bill would make it a crime "to use any false or misleading information in a domain name or email account application, and then send an email." However, this is a somewhat liberal interpretation of the bill, which actually says:

Whoever, in or affecting interstate or foreign commerce, knowingly...
(3) materially falsifies header information in multiple commercial electronic messages and intentionally initiates the transmission of such messages,
(4) registers, using information that materially falsifies the identity of the actual registrant, for 5 or more electronic mail accounts or online user accounts or 2 or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages...

A close reading of this language indicates that merely sending an anonymous e-mail or e-mail with a falsified header would not automatically be a crime. The provisions only apply to those "in or affecting" commerce, which would seem to exclude a user who sends an anonymous e-mail for non-commercial purposes. It might be that the language could be abused to include someone who has sent an anonymous e-mail that may have some impact on a business, perhaps a whistleblower or disgruntled customer sending out negative commentary about a company, but then the user would have to send a relatively large number of e-mails. Further on, the bill classifies "multiple" as "more than 100 electronic mail messages during a 24-hour period," up to 10,000 during a 1-year period.

Unlike some of the state laws, which allow users to sue spammers directly, the CAN-SPAM Act seems to put users at the mercy of others to take action against spammers who do not comply. The Act explicitly addresses the ability of state and federal agencies to prosecute spammers under the provisions of the Act, and provides authorization for ISPs to bring action against spammers.

There are a few good things about the CAN-SPAM Act. The bill specifically states that nothing in the bill requires an ISP to carry or deliver spam. This prevents spammers from claiming that an ISP is in any way required to deliver spam, even if it is explicitly legal. The bill also contains a provision that allows the court to force a spammer to pay legal fees for the party that initiates proceedings. This may make it more likely that prosecutors will take on spammers who violate provisions of the bill.

CAN-SPAM also makes it illegal for spammers to use open relays or other methods of hijacking computers to send spam, and requires a working method to opt out of e-mail. Again, these provisions are unlikely to deter offshore spammers, but they are welcome nonetheless.

Finally, the bill provides for vendor liability. This means that if a vendor contracts with a third party to send e-mail on their behalf, the vendor can be held liable for failure to comply with the CAN-SPAM provisions. This prevents companies from contracting with offshore spammers to escape legal liability.

In all, however, the CAN-SPAM Act is disappointing legislation. It fails to affirm users' rights to consent to e-mail marketing, and instead burdens them with the responsibility of opting out of unwanted marketing. The bill will negate tougher state laws against spam that have the backing of the general populace in favor of weakened provisions that are backed by lobbyists. After more than six years of Congressional foot-dragging, we will likely be stuck with a law that does little good, and may even serve to exacerbate the problem. It may well be that the spam problem is not solvable by legislation, but, even if it is, the CAN-SPAM Act is not the law we need.

(For those who are interested, the full text of the proposed law is available in PDF format.)

Page editor: Jonathan Corbet

Security

Security news

Infrastructural attacks on free software

The recent compromise of several Debian servers has been well publicized. It appears that the Debian archive was unaffected, and Debian users need not be worried about malware entering their systems by that path. Certainly this event, like the recent kernel backdoor attempt, has raised awareness of the vulnerability of our software repositories. An attacker who is able to slip a bit of evil code into the wrong place could compromise many thousands of systems.

Less attention has been paid to the cost of having the Debian servers be unavailable for the better part of a week. Your editor, waiting for a working version of psycopg to be uploaded to unstable, was merely inconvenienced. Other users, who may have planned significant installations or upgrades, or who were trying to discuss problems with Debian developers, will have been rather more inconvenienced. Debian developers, trying to get 3.0r2 out the door, were stopped dead for a while. These consequences are costly enough by themselves, but consider what could happen. Had a major security incident broken out while the Debian servers were unavailable, it would have been difficult or impossible for the project to respond quickly.

Linux systems are living things; even the most stable systems need occasional updates to stay secure. Linux users depend on the availability of their distributions' supporting infrastructure to keep their systems up to date. This sort of attack, by making that infrastructure unavailable, hurts users worldwide, and could leave them unable to respond quickly to serious security problems. Once again, we have been warned that our infrastructure is too fragile and insufficiently secure.

New vulnerabilities

iproute: local denial of service

Package(s): iproute net-tools
CVE #(s): CAN-2003-0856
Created: November 25, 2003
Updated: December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Mandrake MDKSA-2004:148 2004-12-13
Fedora FEDORA-2004-154 2004-06-03
Fedora FEDORA-2004-115 2004-05-11
Debian DSA-492-1 2004-04-18
Gentoo 200404-10 2004-04-09
Red Hat RHSA-2003:316-01 2003-11-24

opera buffer overflows

Package(s): opera
CVE #(s): CAN-2003-0870
Created: November 20, 2003
Updated: November 24, 2003
Description: The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the malicious HREF on a web site. Please see this advisory for further details. These vulnerabilities are fixed in Opera 7.22.
Alerts:
Gentoo 200311-02 2003-11-19

Pan: denial of service

Package(s): Pan
CVE #(s): CAN-2003-0855
Created: November 25, 2003
Updated: December 10, 2003
Description: Pan is a Gnome/GTK+ newsreader. A bug in Pan versions prior to 0.13.4 can cause Pan to crash when parsing an article header containing a very long author email address. This bug causes a crash (denial of service) but is not further exploitable.
Alerts:
Red Hat RHSA-2003:312-01 2003-12-10
Red Hat RHSA-2003:311-01 2003-11-24

phpSysInfo directory traversal

Package(s): phpsysinfo
CVE #(s): CAN-2003-0536
Created: November 25, 2003
Updated: November 25, 2003
Description: phpSysInfo contains two vulnerabilities which could allow local files to be read or arbitrary PHP code to be executed, under the privileges of the web server process.
Alerts:
Gentoo 200311-06 2003-11-22

Updated vulnerabilities

2.4 kernel - several vulnerabilities

Package(s): 2.4 kernel
CVE #(s): CAN-2003-0461 CAN-2003-0462 CAN-2003-0464 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552
Created: July 21, 2003
Updated: December 23, 2003
Description: Several security issues have been discovered affecting the Linux kernel:
  • CAN-2003-0461: /proc/tty/driver/serial reveals the exact character counts for serial links. This could be used by a local attacker to infer password lengths and inter-keystroke timings during password entry.

  • CAN-2003-0462: Paul Starzetz discovered a file read race condition existing in the execve() system call, which could cause a local crash.

  • CAN-2003-0464: A recent change in the RPC code set the reuse flag on newly-created sockets. Olaf Kirch noticed that this could allow normal users to bind to UDP ports used for services such as nfsd.

  • CAN-2003-0476: The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, allowing local users to gain read access to restricted file descriptors.

  • CAN-2003-0501: The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program. This causes the program to fail to change the ownership and permissions of already opened entries.

  • CAN-2003-0550: The STP protocol is known to have no security, which could allow attackers to alter the bridge topology. STP is now turned off by default.

  • CAN-2003-0551: STP input processing was lax in its length checking, which could lead to a denial of service.

  • CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host.
Alerts:
Red Hat RHSA-2003:408-00 2003-12-19
Gentoo 200308-01 2003-08-14
Debian DSA-358-4 2003-08-13
SuSE SuSE-SA:2003:034 2003-08-12
Debian DSA-358-2 2003-08-05
Debian DSA-358-3 2003-08-04
Debian DSA-358-1 2003-07-31
EnGarde ESA-20032407-018 2003-07-24
Red Hat RHSA-2003:238-01 2003-07-21

apache: buffer overflows in mod_alias, mod_rewrite

Package(s): apache
CVE #(s): CAN-2003-0542 CAN-2003-0789
Created: October 28, 2003
Updated: February 13, 2004
Description: André Malo discovered buffer overflows in the mod_alias and mod_rewrite modules of the Apache webserver. These occurred if a regular expression with more than 9 capturing parentheses was configured. To exploit this, an attacker would need to be able to locally create a carefully crafted configuration file (.htaccess or httpd.conf). (CAN-2003-0542)

Another buffer overflow in Apache 2.0.47 and earlier, in mod_cgid's mishandling of CGI redirect paths, could result in CGI output going to the wrong client when a threaded MPM is used. (CAN-2003-0789)

Alerts:
Whitebox WBSA-2004:015-01 2004-02-12
Fedora FEDORA-2003-004 2004-01-08
Red Hat RHSA-2003:405-00 2003-12-18
Red Hat RHSA-2003:320-01 2003-12-16
Red Hat RHSA-2003:360-01 2003-12-10
Gentoo 200310-03 2003-10-28
Trustix 2003-0041 2003-11-15
Conectiva CLA-2003:775 2003-11-05
Slackware SSA:2003-308-01 2003-11-03
EnGarde ESA-20031105-030 2003-11-05
Mandrake MDKSA-2003:103 2003-11-03
Gentoo 200310-04 2003-10-31
Immunix IMNX-2003-7+-025-01 2003-10-28
OpenPKG OpenPKG-SA-2003.046 2003-10-28

apache2: Denial of Service vulnerability

Package(s): apache2
CVE #(s):
Created: September 29, 2003
Updated: March 25, 2004
Description: A problem was discovered in Apache2 where CGI scripts that write more than 4k to the standard error stream will hang the script's execution. This problem can lead to a denial of service situation. See this bug report for additional details.
Alerts:
Gentoo 200403-04 2004-03-22
Netwosix NW-2004-0006 2004-03-25
Mandrake MDKSA-2003:096-1 2003-10-24
Mandrake MDKSA-2003:096 2003-09-26

CUPS: denial of service

Package(s): CUPS
CVE #(s): CAN-2003-0788
Created: November 3, 2003
Updated: March 4, 2004
Description: Paul Mitcheson reported a situation where the CUPS Internet Printing Protocol (IPP) implementation in CUPS versions prior to 1.1.19 would get into a busy loop. This could result in a denial of service. In order to exploit this bug an attacker would need to have the ability to make a TCP connection to the IPP port (by default 631).
Alerts:
SCO Group CSSA-2004-012.0 2004-03-03
Conectiva CLA-2003:779 2003-11-07
Mandrake MDKSA-2003:104 2003-11-05
Red Hat RHSA-2003:275-01 2003-11-03

epic4: buffer overflow

Package(s): epic4
CVE #(s): CAN-2003-0328
Created: November 10, 2003
Updated: November 25, 2003
Description: Jeremy Nelson discovered a remotely exploitable buffer overflow in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft a reply which triggers the client to allocate a negative amount of memory. This could lead to a denial of service if the client only crashes, but may also lead to execution of arbitrary code under the user id of the chatting user.
Alerts:
Red Hat RHSA-2003:342-01 2003-11-17
Fedora FEDORA-2003-008 2003-11-12
Debian DSA-399-1 2003-11-10

ethereal: multiple remote and local vulnerabilities

Package(s): ethereal
CVE #(s): CAN-2003-0925 CAN-2003-0926 CAN-2003-0927
Created: November 10, 2003
Updated: December 17, 2003
Description: Multiple vulnerabilities have been found in ethereal versions below 0.9.16. Remote attackers can craft packets, and local users can build corrupt trace files, resulting in denial of service and remote code execution.
Alerts:
Mandrake MDKSA-2003:114 2003-12-10
Fedora FEDORA-2003-022 2003-11-25
Gentoo 200311-04 2003-11-22
Red Hat RHSA-2003:323-01 2003-11-10
Conectiva CLA-2003:780 2003-11-07

Filename disclosure vulnerability in fam

Package(s): fam
CVE #(s): CAN-2002-0875
Created: August 19, 2002
Updated: January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15

fetchmail may crash on specially crafted message

Package(s): fetchmail
CVE #(s): CAN-2003-0792
Created: October 16, 2003
Updated: April 8, 2004
Description: A bug was discovered in fetchmail 6.2.4 where a specially crafted email message can cause fetchmail to crash.
Alerts:
OpenPKG OpenPKG-SA-2004.012 2004-04-08
Gentoo 200403-10 2004-03-30
Netwosix NW-2004-0002 2004-02-20
SCO Group CSSA-2004-004.0 2004-02-19
Slackware SSA:2003-300-02 2003-10-22
Mandrake MDKSA-2003:101 2003-10-16

fileutils/wu-ftpd: denial of service

Package(s): fileutils
CVE #(s): CAN-2003-0854
Created: October 22, 2003
Updated: March 2, 2004
Description: There is, it seems, an integer overflow vulnerability in "ls" which can be exploited via wu-ftpd to create a denial of service situation. See this advisory from Georgi Guninski for details.
Alerts:
SCO Group CSSA-2004-006.0 2004-03-01
Trustix 2003-0042 2003-11-15
Mandrake MDKSA-2003:106 2003-11-12
Red Hat RHSA-2003:309-01 2003-11-03
Immunix IMNX-2003-7+-026-01 2003-10-31
Conectiva CLA-2003:771 2003-10-24
Conectiva CLA-2003:768 2003-10-22

glibc - buffer overflow

Package(s): glibc
CVE #(s): CAN-2003-0689
Created: October 15, 2003
Updated: November 25, 2003
Description: The GNU C library contains a buffer overflow in the getgrouplist() function. If the user belongs to more groups than the calling application expects, the allocated storage will be overrun.
Alerts:
Gentoo 200311-05 2003-11-22
Mandrake MDKSA-2003:107 2003-11-18
Trustix 2003-0039 2003-11-15
Red Hat RHSA-2003:325-01 2003-11-12
Conectiva CLA-2003:762 2003-10-14

glibc: local DoS vulnerability

Package(s): glibc
CVE #(s): CAN-2003-0859
Created: November 14, 2003
Updated: November 18, 2003
Description: Herbert Xu reported that various applications can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The glibc function getifaddrs uses netlink and could therefore be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0859 to this issue.
Alerts:
Fedora FEDORA-2003-002 2003-11-14

glibc: DNS stub resolvers contain buffer overflow vulnerability

Package(s): glibc
CVE #(s): CAN-2002-1146
Created: November 7, 2002
Updated: February 5, 2004
Description: DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. (See CERT Vulnerability Note VU#738331)

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
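The distinction the paragraph above draws, as an added example (not code from glibc, BIND or any of the listed advisories): a small DNS response walker in which every read is bounded by the number of bytes actually received rather than by the receive buffer's capacity, run on a constructed response for example.com. The function names (skip_name, parse_first_a, parse_sample, parse_looping) and the sample bytes are this example's own.

```c
/* Added example (not code from glibc, BIND or any listed advisory):
 * a DNS response walker where every read is bounded by the number of
 * bytes actually received (len), never by the receive buffer's capacity.
 * Using the capacity instead is the "read buffer overflow" of CAN-2002-1146. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define MAX_PTR_HOPS 16          /* guard against compression-pointer loops */

/* Skip a possibly compressed name at *off; on success advance *off past it
 * in the original stream. Returns -1 if any byte would lie beyond len. */
static int skip_name(const unsigned char *msg, size_t len, size_t *off)
{
    size_t pos = *off, end = 0;
    int jumped = 0, hops = 0;

    for (;;) {
        if (pos >= len) return -1;
        unsigned char c = msg[pos];
        if (c == 0) { pos++; break; }            /* root label ends the name */
        if ((c & 0xC0) == 0xC0) {                /* compression pointer */
            if (pos + 1 >= len) return -1;
            if (++hops > MAX_PTR_HOPS) return -1;
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            if (!jumped) { end = pos + 2; jumped = 1; }
            if (target >= len) return -1;
            pos = target;
            continue;
        }
        if (c & 0xC0) return -1;                 /* reserved label types */
        pos += 1 + c;                            /* re-checked at loop top */
    }
    *off = jumped ? end : pos;
    return 0;
}

/* Store the first A record's address (host byte order) in *addr and return 0,
 * or return -1 if the message is malformed or truncated within the received bytes. */
int parse_first_a(const unsigned char *msg, size_t len, uint32_t *addr)
{
    if (len < DNS_HDR_LEN) return -1;
    unsigned qdcount = (msg[4] << 8) | msg[5];
    unsigned ancount = (msg[6] << 8) | msg[7];
    size_t off = DNS_HDR_LEN;

    for (unsigned i = 0; i < qdcount; i++) {
        if (skip_name(msg, len, &off) < 0) return -1;
        if (len - off < 4) return -1;            /* QTYPE + QCLASS */
        off += 4;
    }
    for (unsigned i = 0; i < ancount; i++) {
        if (skip_name(msg, len, &off) < 0) return -1;
        if (len - off < 10) return -1;           /* TYPE, CLASS, TTL, RDLENGTH */
        unsigned type  = (msg[off] << 8) | msg[off + 1];
        unsigned rdlen = (msg[off + 8] << 8) | msg[off + 9];
        off += 10;
        if (rdlen > len - off) return -1;        /* RDATA must lie inside received bytes */
        if (type == 1 && rdlen == 4) {
            *addr = ((uint32_t)msg[off] << 24) | ((uint32_t)msg[off + 1] << 16)
                  | ((uint32_t)msg[off + 2] << 8) | msg[off + 3];
            return 0;
        }
        off += rdlen;
    }
    return -1;
}

/* Constructed response: "example.com" A 192.0.2.1 (45 bytes). */
static const unsigned char sample_response[] = {
    0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x01, 0x00,0x00, 0x00,0x00,      /* header */
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0x00,0x01, 0x00,0x01, /* question */
    0xC0,0x0C, 0x00,0x01, 0x00,0x01, 0x00,0x00,0x0E,0x10, 0x00,0x04,       /* answer RR */
    192,0,2,1 };

/* Constructed response whose question name is a pointer to itself. */
static const unsigned char looping_response[] = {
    0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    0xC0,0x0C, 0x00,0x01, 0x00,0x01 };

/* Parse sample_response as if only received_len bytes had arrived;
 * returns the address, or 0 when the parser rejects the input. */
uint32_t parse_sample(size_t received_len)
{
    uint32_t addr = 0;
    if (received_len > sizeof(sample_response)) return 0;   /* never read past the data */
    if (parse_first_a(sample_response, received_len, &addr) < 0) return 0;
    return addr;
}

int parse_looping(void)
{
    uint32_t addr;
    return parse_first_a(looping_response, sizeof(looping_response), &addr);
}

int main(void)
{
    /* A stub resolver receives into a fixed buffer (512 bytes was typical);
     * the bug was parsing with sizeof(rx) instead of the recvfrom() length. */
    unsigned char rx[512];
    memcpy(rx, sample_response, sizeof(sample_response));
    size_t received = sizeof(sample_response);   /* what recvfrom() would have returned */
    uint32_t a;
    if (parse_first_a(rx, received, &a) == 0)
        printf("A record: %u.%u.%u.%u\n", a >> 24, (a >> 16) & 255, (a >> 8) & 255, a & 255);
    printf("truncated to 40 bytes: %s\n", parse_sample(40) ? "parsed" : "rejected");
    printf("pointer loop: %s\n", parse_looping() < 0 ? "rejected" : "parsed");
    return 0;
}
```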

Alerts:
Mandrake MDKSA-2004:009 2004-02-04
Red Hat RHSA-2002:197-09 2002-11-06
Red Hat RHSA-2002:197-06 2002-10-03

gnupg: key validation

Package(s): gnupg
CVE #(s): CAN-2003-0255
Created: May 15, 2003
Updated: November 17, 2003
Description: A key validation bug was discovered in the GNU Privacy Guard (GPG) which would cause keys with more than one user ID to trust all user IDs with the amount of trust given to the most-valid user ID.
Alerts:
SCO Group CSSA-2003-034.0 2003-11-17
Conectiva CLA-2003:694 2003-07-11
Yellow Dog YDU-20030602-4 2003-06-02
Mandrake MDKSA-2003:061 2003-05-22
Slackware ssa:2003-141-04 2003-05-22
Red Hat RHSA-2003:175-01 2003-05-20
Gentoo 200305-04 2003-05-16
OpenPKG OpenPKG-SA-2003.029 2003-05-16
EnGarde ESA-20030515-016 2003-05-15

gtkhtml: malformed messages cause crash

Package(s): gtkhtml
CVE #(s): CAN-2003-0133 CAN-2003-0541
Created: April 14, 2003
Updated: April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

The GtkHTML supplied with versions of Evolution prior to 1.2.4 contains a bug in the handling of HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14

hylafax: remote code execution

Package(s): hylafax
CVE #(s): CAN-2003-0886
Created: November 10, 2003
Updated: November 20, 2003
Description: Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by a protocol similar to FTP. The SuSE Security Team found a format string bug during a code review of the hfaxd server. It allows remote attackers to execute arbitrary code as root. However, the bug cannot be triggered in hylafax's default configuration. The "capi4hylafax" packages also need to be updated as a dependency where they are available. Upgrading to version 4.1.8 fixes the problem; see this advisory for details.
Alerts:
Gentoo 200311-03 2003-11-10
Debian DSA-401-1 2003-11-17
Conectiva CLA-2003:783 2003-11-12
Mandrake MDKSA-2003:105 2003-11-11
SuSE SuSE-SA:2003:045 2003-11-10

KDE: Two issues in KDM

Package(s): kde, xfree86
CVE #(s): CAN-2003-0690 CAN-2003-0692
Created: September 16, 2003
Updated: December 19, 2003
Description: According to this advisory two issues have been discovered in KDM:
  • CAN-2003-0690: Privilege escalation with specific PAM modules. The XDM display manager that ships with XFree86 prior to 4.3 is also vulnerable.
  • CAN-2003-0692: Session cookies generated by KDM are potentially insecure.
All versions of KDM as distributed with KDE up to and including KDE 3.1.3 are affected.
Alerts:
Mandrake MDKSA-2003:118 2003-12-19
Gentoo 200311-01 2003-11-15
Debian DSA-388-1 2003-09-19
Conectiva CLA-2003:747 2003-09-19
Mandrake MDKSA-2003:091 2003-09-16
Red Hat RHSA-2003:269-01 2003-09-16

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains User Mode Linux (UML) utilities.

The uml_net utility in the kernel-utils packages shipped with Red Hat Linux 8.0 was incorrectly installed setuid root. This could allow local users to control certain network interfaces, add and remove ARP entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

libnids: remotely exploitable buffer overflow

Package(s):libnids CVE #(s):CAN-2003-0850
Created:October 29, 2003 Updated:January 6, 2004
Description: libnids (a NIDS plugin which emulates the Linux 2.0 IP stack) contains a buffer overflow vulnerability which can be exploited remotely. Version 1.18 fixes the problem.
Alerts:
Debian DSA-410-1 2004-01-05
Gentoo 200311-07 2003-11-22
Conectiva CLA-2003:773 2003-10-29

Comments (none posted)

libpng, libpng3: buffer overflow

Package(s):libpng, libpng3 CVE #(s):CAN-2002-1363
Created:December 19, 2002 Updated:July 14, 2004
Description: Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.
Alerts:
Gentoo 200407-06 2004-07-08
OpenPKG OpenPKG-SA-2004.030 2004-07-06
Mandrake MDKSA-2004:063 2004-06-29
Whitebox WBSA-2004:249-01 2004-06-21
Fedora FEDORA-2004-176 2004-06-18
Fedora FEDORA-2004-174 2004-06-18
Fedora FEDORA-2004-175 2004-06-18
Fedora FEDORA-2004-173 2004-06-18
Red Hat RHSA-2004:249-01 2004-06-18
Conectiva CLA-2003:564 2003-01-23
Mandrake MDKSA-2003:008 2003-01-20
OpenPKG OpenPKG-SA-2003.001 2003-01-15
Yellow Dog YDU-20030114-2 2002-01-14
SuSE SuSE-SA:2003:0004 2003-01-14
Red Hat RHSA-2003:006-06 2003-01-09
Debian DSA-213-1 2002-12-19

Comments (none posted)

mikmod: buffer overflow

Package(s):mikmod CVE #(s):CAN-2003-0427
Created:June 16, 2003 Updated:June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13

Comments (none posted)

minimalist: unsanitized input

Package(s):minimalist CVE #(s):CAN-2003-0902
Created:November 17, 2003 Updated:November 18, 2003
Description: A security-related problem has been discovered in minimalist, a mailing list manager, which allows a remote attacker to execute arbitrary commands.
Alerts:
Debian DSA-402-1 2003-11-17

Comments (none posted)

mpg123: heap overflow

Package(s):mpg123 CVE #(s):CAN-2003-0865
Created:November 12, 2003 Updated:February 19, 2004
Description: Versions of mpg123 through 0.59s contain a heap overflow which may be exploited remotely (by a hostile server). See this advisory for details.
Alerts:
SCO Group CSSA-2004-002.0 2004-02-19
Debian DSA-435-1 2004-02-06
Conectiva CLA-2003:781 2003-11-12

Comments (none posted)

mplayer: remotely exploitable buffer overflow vulnerability

Package(s):mplayer CVE #(s):CAN-2003-0835
Created:September 29, 2003 Updated:April 6, 2004
Description: A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header. Read the full advisory for details.
Alerts:
Mandrake MDKSA-2004:026 2004-04-05
Gentoo 200403-13 2004-03-31
Conectiva CLA-2003:760 2003-10-06
Mandrake MDKSA-2003:097 2003-09-30
Gentoo 200309-15 2003-09-27

Comments (none posted)

Nessus NASL scripting engine security issues

Package(s):nessus CVE #(s):
Created:May 27, 2003 Updated:August 12, 2004
Description: Some vulnerabilities exist in the Nessus NASL scripting engine. To exploit these flaws, an attacker would need to have a valid Nessus account as well as the ability to upload arbitrary Nessus plugins to the Nessus server (this option is disabled by default), or he/she would need to trick a user somehow into running a specially crafted NASL script. Read the full advisory for additional information.
Alerts:
Gentoo 200305-10 2003-05-27

Comments (none posted)

nfs-utils xlog() off-by-one bug

Package(s):nfs-utils CVE #(s):CAN-2003-0252
Created:July 14, 2003 Updated:March 8, 2004
Description: The Linux NFS utils package contains a remotely exploitable off-by-one bug. A local or remote attacker could exploit this vulnerability by sending a specially crafted request to the rpc.mountd daemon. See this BugTraq post for more details.
Alerts:
Trustix TSLSA-2004-0009 2004-03-05
SCO Group CSSA-2003-037.0 2003-11-17
Conectiva CLA-2003:700 2003-07-22
Mandrake MDKSA-2003:076 2003-07-21
Gentoo 200307-07 2003-07-19
Yellow Dog YDU-20030718-1 2003-07-18
Slackware SSA:2003-195-01b 2003-07-15
Immunix IMNX-2003-7+-018-01 2003-07-14
SuSE SuSE-SA:2003:031 2003-07-15
Slackware SSA:2003-195-01 2003-07-14
Debian DSA-349-1 2003-07-14
Red Hat RHSA-2003:206-01 2003-07-14

Comments (none posted)

openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Ubuntu USN-34-1 2004-11-30
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Red Hat RHSA-2003:222-01 2003-07-29
Gentoo 200305-02 2003-05-13
Gentoo 200305-01 2002-03-05

Comments (1 posted)

postfix: denial of service vulnerabilities

Package(s):postfix CVE #(s):CAN-2003-0468 CAN-2003-0540
Created:August 5, 2003 Updated:May 27, 2004
Description: The postfix MTA, versions through 1.1.12 (but not 2.0) is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details.
Alerts:
Mandrake MDKA-2004:028 2004-05-26
Trustix 2003-0029 2003-08-04
Mandrake MDKSA-2003:081 2003-08-04
EnGarde ESA-20030804-019 2003-08-04
Conectiva CLA-2003:717 2003-08-04
SuSE SuSE-SA:2003:033 2003-08-04
Red Hat RHSA-2003:251-01 2003-08-04
Debian DSA-363-1 2003-08-03

Comments (none posted)

proftpd: remote root shell

Package(s):proftpd CVE #(s):CAN-2003-0831
Created:September 24, 2003 Updated:January 2, 2004
Description: The ASCII translation mechanism in ProFTPD 1.2.8 contains a vulnerability which will provide a remote attacker with a root shell - if the attacker is able to download a specially-crafted file. See this ISS advisory for more information.
Alerts:
Mandrake MDKSA-2003:095-1 2003-12-31
Conectiva CLA-2003:750 2003-09-29
Gentoo 200309-16 2003-09-28
Trustix 2003-0037 2003-09-27
Mandrake MDKSA-2003:095 2003-09-26
OpenPKG OpenPKG-SA-2003.043 2003-09-25
Slackware SSA:2003-259-02 2003-09-23

Comments (2 posted)

pstack: Buffer overflow

Package(s):pstack CVE #(s):
Created:November 13, 2003 Updated:November 18, 2003
Description: pstack dumps a stack trace for a process, given the pid of that process. Versions prior to 1.2.3 contain a potential buffer overflow vulnerability.
Alerts:
Fedora FEDORA-2003-010 2003-11-12

Comments (none posted)

Multiple-use vulnerability in Safe.pm

Package(s):Safe.pm CVE #(s):CAN-2002-1323
Created:October 9, 2002 Updated:February 20, 2004
Description: usePerl has a description of a vulnerability in the Safe.pm Perl module. It seems that if a Safe compartment is used more than once, it ceases to be safe. The problem is fixed in Safe 2.08.
Alerts:
SCO Group CSSA-2004-007.0 2004-02-20
Gentoo 200212-6 2002-12-20
Trustix 2002-0087 2002-12-19
OpenPKG OpenPKG-SA-2002.014 2002-12-16
Debian DSA-208-1 2002-12-12

Comments (none posted)

sane-backends: several vulnerabilities

Package(s):sane-backends CVE #(s):CAN-2003-0773 CAN-2003-0774 CAN-2003-0775 CAN-2003-0776 CAN-2003-0777 CAN-2003-0778
Created:September 11, 2003 Updated:February 20, 2004
Description: Alexander Hvostov, Julien Blache and Aurelien Jarno discovered several security-related problems in the sane-backends package, which contains an API library for scanners including a scanning daemon (in the package libsane) that can be remotely exploited. These problems allow a remote attacker to cause a segmentation fault and/or consume arbitrary amounts of memory. The attack is successful even if the attacker's computer isn't listed in saned.conf.

You are only vulnerable if you actually run saned e.g. in xinetd or inetd. If the entries in the configuration file of xinetd or inetd respectively are commented out or do not exist, you are safe.

Try "telnet localhost 6566" on the server that may run saned. If you get "connection refused" saned is not running and you are safe.

The Common Vulnerabilities and Exposures project identifies the following problems:

  • CAN-2003-0773: saned checks the identity (IP address) of the remote host only after the first communication took place (SANE_NET_INIT). So everyone can send that RPC, even if the remote host is not allowed to scan (not listed in saned.conf).
  • CAN-2003-0774: saned lacks error checking nearly everywhere in the code. So connection drops are detected very late. If the drop of the connection isn't detected, the access to the internal wire buffer leaves the limits of the allocated memory. So random memory "after" the wire buffer is read which will be followed by a segmentation fault.
  • CAN-2003-0775: If saned expects strings, it mallocs the memory necessary to store the complete string after it receives the size of the string. If the connection was dropped before transmitting the size, malloc will reserve an arbitrary size of memory. Depending on that size and the amount of memory available either malloc fails (->saned quits nicely) or a huge amount of memory is allocated. Swapping and OOM measures may occur depending on the kernel.
  • CAN-2003-0776: saned doesn't check the validity of the RPC numbers it gets before getting the parameters.
  • CAN-2003-0777: If debug messages are enabled and a connection is dropped, non-null-terminated strings may be printed and segmentation faults may occur.
  • CAN-2003-0778: It's possible to allocate an arbitrary amount of memory on the server running saned even if the connection isn't dropped. At the moment this can not easily be fixed according to the author. Better limit the total amount of memory saned may use (ulimit).
Alerts:
SCO Group CSSA-2004-005.0 2004-02-19
SuSE SuSE-SA:2003:046 2003-11-18
Conectiva CLA-2003:769 2003-10-22
Mandrake MDKSA-2003:099 2003-10-09
Red Hat RHSA-2003:278-01 2003-10-07
Debian DSA-379-1 2003-09-11

Comments (none posted)

sendmail: remotely exploitable buffer overflow

Package(s):sendmail CVE #(s):CAN-2003-0694 CAN-2003-0681
Created:September 17, 2003 Updated:November 18, 2003
Description: Michal Zalewski has reported a buffer overflow in sendmail. This overflow, apparently, may be exploited remotely, but only in certain (non-default) configurations. Sendmail 8.12.10 has the fix.
Alerts:
SCO Group CSSA-2003-036.0 2003-11-17
SuSE SuSE-SA:2003:040 2003-09-20
OpenPKG OpenPKG-SA-2003.041 2003-09-19
Conectiva CLA-2003:742 2003-09-18
Yellow Dog YDU-20030917-2 2003-09-17
Immunix IMNX-2003-7+-021-01 2003-09-17
Mandrake MDKSA-2003:092 2003-09-17
Debian DSA-384-1 2003-09-17
Red Hat RHSA-2003:283-01 2003-09-17
Slackware SSA:2003-260-02 2003-09-17
Gentoo 200309-13 2003-09-17

Comments (none posted)

stunnel: signal handler reentrancy DoS

Package(s):stunnel CVE #(s):CAN-2002-1563
Created:July 25, 2003 Updated:November 25, 2003
Description: Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over a secure connection (encrypted using SSL or TLS) or to provide a secure means of connecting to services that do not natively support encryption.

When configured to listen for incoming connections (instead of being invoked by xinetd), stunnel can be configured to either start a thread or a child process to handle each new connection. If Stunnel is configured to start a new child process to handle each connection, it will receive a SIGCHLD signal when that child exits.

Stunnel versions prior to 4.04 would perform tasks in the SIGCHLD signal handler which, if interrupted by another SIGCHLD signal, could be unsafe. This could lead to a denial of service.

Alerts:
Red Hat RHSA-2003:296-01 2003-11-24
SCO Group CSSA-2003-026.0 2003-10-03
Conectiva CLA-2003:736 2003-09-05
Trustix 2003-0030 2003-08-07
EnGarde ESA-20030806-020 2003-08-06
Red Hat RHSA-2003:221-01 2003-07-25

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 9, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
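The check an archive extractor needs before creating any file is a test on each member name: it must be relative and must contain no ".." component. The function below is an added example written for this page, not code from GNU tar or unzip; member_path_is_safe and count_unsafe_members are assumed names and the member list is constructed. It rejects "a/../b" as well, even though that name normalizes to "b", because "a" could be a symlink planted by an earlier member of the same archive.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decide whether an archive member name (POSIX '/' separators) can be
 * extracted under the current directory without escaping it.  Rejected:
 * empty names, absolute names, and any ".." path component. */
bool member_path_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return false;

    const char *comp = name;
    for (;;) {
        const char *slash = strchr(comp, '/');
        size_t len = slash ? (size_t)(slash - comp) : strlen(comp);
        if (len == 2 && comp[0] == '.' && comp[1] == '.')
            return false;       /* ".." component: would climb out */
        if (slash == NULL)
            return true;        /* last component checked */
        comp = slash + 1;
    }
}

/* Count how many of n member names would be refused; an extractor would
 * skip or abort on those before calling open() or mkdir(). */
size_t count_unsafe_members(const char *const *names, size_t n)
{
    size_t unsafe = 0;
    for (size_t i = 0; i < n; i++)
        if (!member_path_is_safe(names[i]))
            unsafe++;
    return unsafe;
}

/* Constructed sample member list (not taken from a real archive). */
static const char *const sample_members[] = {
    "etc/motd",            /* ok */
    "./docs/README",       /* ok: "." components are harmless */
    "docs/..hidden",       /* ok: "..hidden" is not ".." */
    "../../../etc/passwd", /* refused: classic traversal */
    "/etc/passwd",         /* refused: absolute name */
    "a/../b",              /* refused: ".." in the middle */
    "..",                  /* refused */
};
static const size_t sample_count =
    sizeof sample_members / sizeof sample_members[0];

int main(void)
{
    for (size_t i = 0; i < sample_count; i++)
        printf("%-22s %s\n", sample_members[i],
               member_path_is_safe(sample_members[i]) ? "extract" : "REFUSE");
    printf("%zu of %zu members refused\n",
           count_unsafe_members(sample_members, sample_count), sample_count);
    return 0;
}
```

Refusing a member is only half the job: the extractor must also create files with O_EXCL or equivalent and never follow symlinks that the archive itself created, otherwise a name that passes this check can still be redirected at the filesystem level.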
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)

Multiple vendor telnetd vulnerability

Package(s):telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 CVE #(s):
Created:May 20, 2002 Updated:October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
Gentoo 200410-03 2004-10-05
Yellow Dog YDU-20010810-2 2001-08-10
Yellow Dog YDU-20010810-1 2001-08-10
SuSE SuSE-SA:2001:029 2001-09-03
Slackware sl-997726350 2001-08-09
Red Hat RHSA-2001:100-02 2001-08-09
Red Hat RHSA-2001:099-09 2002-02-07
Red Hat RHSA-2001:099-06 2001-08-09
Progeny PROGENY-SA-2001-27 2001-08-14
Mandrake MDKSA-2001:093 2001-12-17
Mandrake MDKSA-2001:068 2001-08-13
HP HPSBTL0202-023 2002-02-12
Debian DSA-075-2 2001-08-14
Debian DSA-075-1 2001-08-14
Conectiva CLA-2001:413 2001-08-24
SCO Group CSSA-2001-030.0 2001-08-10

Comments (none posted)

vim - modeline vulnerability

Package(s):vim CVE #(s):CAN-2002-1377
Created:January 16, 2003 Updated:February 10, 2004
Description: VIM allows a user to set the modeline differently for each edited text file by placing special comments in the files. Georgi Guninski found that these comments can be carefully crafted in order to call external programs. This could allow an attacker to create a text file such that when it is opened arbitrary commands are executed.
Alerts:
Conectiva CLA-2004:812 2004-02-10
Mandrake MDKSA-2003:012 2003-02-03
Yellow Dog YDU-20030127-3 2003-01-27
Gentoo 200301-13 2003-01-22
OpenPKG OpenPKG-SA-2003.003 2003-01-21
Red Hat RHSA-2002:297-17 2003-01-15

Comments (4 posted)

webmin: session ID spoofing

Package(s):webmin CVE #(s):CAN-2003-0101
Created:June 13, 2003 Updated:November 18, 2003
Description: miniserv.pl in the webmin package does not properly handle metacharacters, such as line feeds and carriage returns, in Base64-encoded strings used in Basic authentication. This vulnerability allows remote attackers to spoof a session ID, and thereby gain root privileges.
Alerts:
SCO Group CSSA-2003-035.0 2003-11-17
Debian DSA-319-1 2003-06-12

Comments (none posted)

wget: buffer overflow

Package(s):wget CVE #(s):CAN-2003-1565
Created:August 5, 2003 Updated:December 10, 2003
Description: The wget utility contains a buffer overflow which, when exploited with an over-long URL, can enable arbitrary code execution.
Alerts:
Red Hat RHSA-2003:372-01 2003-12-10
SCO Group CSSA-2003-025.0 2003-10-03
Conectiva CLA-2003:716 2003-08-04

Comments (1 posted)

XFree86 4.3.0 integer overflows in font libraries

Package(s):XFree86 CVE #(s):CAN-2003-0730
Created:September 12, 2003 Updated:November 25, 2003
Description: Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and enumeration of fonts from font servers to clients. See the advisory for additional details.
Alerts:
Red Hat RHSA-2003:286-01 2003-11-25
Red Hat RHSA-2003:287-01 2003-11-25
Red Hat RHSA-2003:288-01 2003-11-17
Debian DSA-380-1 2003-09-12
Mandrake MDKSA-2003:089 2003-09-11

Comments (none posted)

zebra: denial of service vulnerability

Package(s):zebra CVE #(s):CAN-2003-0795 CAN-2003-0858
Created:November 13, 2003 Updated:January 7, 2004
Description: Zebra is an open source implementation of TCP/IP routing software.

Jonny Robertson reported that Zebra can be remotely crashed if a Zebra password has been enabled and a remote attacker can connect to the Zebra telnet management port. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0795 to this issue.

Herbert Xu reported that Zebra can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0858 to this issue.

Alerts:
Debian DSA-415-1 2004-01-06
OpenPKG OpenPKG-SA-2003.049 2003-11-25
Conectiva CLA-2003:786 2003-11-20
Red Hat RHSA-2003:307-01 2003-11-13

Comments (none posted)

Resources

Quarterly CERT Summary

The quarterly CERT Summary - which describes the security issues being most actively exploited - is out. Of the nine vulnerabilities, six affect only Windows systems. The summary does, however, point out ongoing problems with OpenSSL, OpenSSH, and sendmail.

Full Story (comments: none)

Page editor: Jonathan Corbet

Kernel development

Release status

Kernel release status

The current development kernel is 2.6.0-test10, finally released by Linus on November 23. This patch contains a month's worth of accumulated fixes for serious bugs, and not a whole lot else. Linus notes that there is still a problem associated with preemption out there; the kernel preemption code itself is likely not at fault, but some subsystem or driver out there somewhere is not being entirely preempt-safe. That problem had not been tracked down as of this writing.

The long-format changelog contains the details for the patches incorporated in this release.

Incidentally, -test10 has been dubbed the "stoned beaver" release.

Linus also laid out his thinking for the future:

I'm planning/hoping on basically turning this over to Andrew, and let him decide to make the final 2.6.0 or not. Timing-wise Andrew is apparently going to be off for a few weeks, so regardless of whether this turns out to be rock solid or not, we'll have a few weeks of final testing before that were to happen. Which means that I might still end up making a test11 if Andrew hasn't come back and we find something that warrants it.

Linus's BitKeeper tree holds a small number of additional fixes.

The current stable kernel is 2.4.22, but its time is coming to an end. Marcelo released 2.4.23-rc3 on November 21, with the idea that it would become the final release. Reality dictated otherwise, with the result that 2.4.23-rc4 came out on the 24th, and 2.4.23-rc5 on the 25th. The idea, of course, is that this one will become the final release; stay tuned.

Comments (none posted)

Kernel development news

BSD security levels for Linux

The Linux Security Module (LSM) patch was intended to enable the creation of a wide variety of security regimes for Linux systems. So far, the main user of the LSM functionality has been the NSA SELinux module. But there are signs that other security-oriented developers are beginning to make use of LSM to implement different approaches.

The latest such is the BSD Secure Levels patch posted by Michael Halcrow. This patch is intended to create something resembling BSD's secure level capability for Linux. Thus it implements an integer security level, which has useful values of zero to two. At level zero, the system functions as always - as if the module were not present at all. Zero is the default level, but the level can be raised (but not lowered) by writing the new value to /proc/seclvl.

At level one, a number of actions become disallowed, including:

  • Tracing the init process.
  • Modifying an immutable file.
  • Anything involving raw I/O to a device.
  • Network administration tasks.
  • Changing the user ID of a process.
  • Loading or unloading modules.
  • Writing directly to a mounted block device.
  • Writing to /dev/mem or /dev/kmem.
  • Changing the setuid or setgid bits of a file.

At security level two, a few additional actions are prohibited:

  • Changing the system time - but only if you are trying to set it backward.
  • Writing to any block device, whether mounted or not.
  • Unmounting a filesystem.

The "secure level" patch is thus a way of raising the bar for any potential attacker. At the higher levels, even a process with root privileges cannot make certain kinds of changes to the system. Normally, higher levels are forever; the only way to lower the secure level is to reboot the system. Note, however, that this module allows the administrator to include a small back door by specifying an executable that, when run, causes the secure level to be reset to zero. This feature may be useful for administrators who are converting a system over to secure level operation. Leaving the "emergency reset" option enabled permanently would be dangerously counterproductive, however.

Comments (4 posted)

Review: Linux Kernel Development

Writing books about the Linux kernel is hard. The subject matter is vast, complex, and highly technical. It also is very much a moving target; today's kernel book becomes obsolete in a short period of time. So kernel authors have to pick their subject matter carefully, time things well, and enjoy their fifteen minutes of fame before somebody merges a patch and their words begin the inevitable slide into obsolescence.

The latest kernel book to hit the shelves is Linux K