
Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] The end of tasklets

[Kernel] Posted Feb 5, 2024 15:36 UTC (Mon) by corbet

A common problem in kernel development is controlling when a specific task should be done. Kernel code often executes in contexts where some actions (sleeping, for example, or calling into filesystems) are not possible. Other actions, while possible, may prevent the kernel from taking care of a more important task in a timely manner. The kernel community has developed a number of deferred-execution mechanisms designed to ensure that every task is handled at the right time. One of those mechanisms, tasklets, has been eyed for removal for years; that removal might just happen in the near future.

Full Story (comments: 1)

[$] Zig 2024 roadmap

[Development] Posted Feb 2, 2024 15:12 UTC (Fri) by daroc

The Zig language 2024 roadmap was presented in a talk last week on Zig Showtime (a show covering Zig news). Andrew Kelley, the benevolent dictator for life of the Zig project, presented his goals for the language, largely focusing on compiler performance and continuing progress toward stabilization for the language. He discussed details of his plan for incremental compilation, and addressed the sustainability of the project in terms of both code contributions and financial support.

Full Story (comments: 67)

[$] The hard life of a virtual-filesystem developer

[Kernel] Posted Feb 1, 2024 16:56 UTC (Thu) by corbet

Filesystem development is not an easy task; the performance demands are typically high, and the consequences for mistakes usually involve lost data and irate users. The implementation of a virtual (or "pseudo") filesystem — a filesystem implemented within the kernel and lacking a normal backing store — can also be challenging, but for different reasons. A series of conversations around the eventfs virtual filesystem has turned a spotlight on the difficulty of creating a virtual filesystem for Linux.

Full Story (comments: 37)

[$] LWN.net Weekly Edition for February 1, 2024

Posted Feb 1, 2024 0:57 UTC (Thu)

The LWN.net Weekly Edition for February 1, 2024 is available.

Inside this week's LWN.net Weekly Edition

  • Front: System-call pinning; Emacs 30; Integer wraparound; Things nobody wants to pay for; Rust 2024 edition.
  • Briefs: GCC security features; glibc vulnerability; State of eBPF; glibc 2.39; LibreOffice 24.2; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.

[$] OpenBSD system-call pinning

[Security] Posted Jan 31, 2024 19:46 UTC (Wed) by daroc

Return-oriented programming (ROP) attacks are hard to defend against. Partial mitigations such as address-space layout randomization, stack canaries, and other techniques are commonly deployed to try and frustrate ROP attacks. Now, OpenBSD is experimenting with a new mitigation that makes it harder for attackers to make system calls, although some security researchers have expressed doubt that it will prove effective at stopping real-world attacks. In his announcement message, Theo de Raadt said that this work "makes some specific low-level attack methods unfeasible on OpenBSD, which will force the use of other methods."

Full Story (comments: 2)

[$] Looking ahead to Emacs 30

[Development] Posted Jan 30, 2024 21:29 UTC (Tue) by jake

EmacsConf 2023 was, like its recent predecessors, an online conference with lots of talks about various aspects of the Emacs editor—though, of course, it is way more than just an editor. Last year's edition was held in early December. One of the talks that looked interesting was on Emacs development, which was given live by John Wiegley. In it, he briefly described some of the biggest features coming in Emacs 30, which is the next major version coming for the tool.

Full Story (comments: 6)

[$] Defining the Rust 2024 edition

[Development] Posted Jan 29, 2024 17:22 UTC (Mon) by daroc

In December, the Rust project released a call for proposals for inclusion in the 2024 edition. Rust handles backward incompatible changes by using Editions, which permit projects to specify a single stable edition for their code and allow libraries written in different editions to be linked together. Proposals for Rust 2024 are now in, and have until the end of February to be debated and decided on. Once the proposals are accepted, they have until May to be implemented in time for the 2024 edition to be released in the second half of the year.

Full Story (comments: 184)

[$] Better handling of integer wraparound in the kernel

[Security] Posted Jan 26, 2024 15:41 UTC (Fri) by corbet

While the mathematical realm of numbers is infinite, computers are only able to represent a finite subset of them. That can lead to problems when arithmetic operations would create numbers that the computer is unable to store as the intended type. This condition, called "overflow" or "wraparound" depending on the context, can be the source of bugs, including unpleasant security vulnerabilities, so it is worth avoiding. This patch series from Kees Cook is intended to improve the kernel's handling of these situations, but it is running into a bit of resistance.

Full Story (comments: 81)

[$] The things nobody wants to pay for

[Development] Posted Jan 25, 2024 15:53 UTC (Thu) by corbet

The free-software community has managed to build a body of software that is worth, by most estimates, many billions of dollars; all of this code is freely available to anybody who wants to use or modify it. It is an unparalleled example of independent actors working cooperatively on a common resource. Free software is certainly a success story, but all is not perfect. One of the community's greatest strengths — convincing companies to contribute to this common resource — is also part of one of its biggest weaknesses.

Full Story (comments: 62)

LWN.net Weekly Edition for January 25, 2024

Posted Jan 25, 2024 0:23 UTC (Thu)

The LWN.net Weekly Edition for January 25, 2024 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Pip; Microdot; mseal(); 6.8 Merge window; CPython code generation; Jujutsu.
  • Briefs: Linux 6.8-rc1; Slowroll misunderstandings; Firefox 122; Sourcehut outage; Vizio ruling; Dave Mills RIP; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.

Security updates for Monday

[Security] Posted Feb 5, 2024 15:04 UTC (Mon) by jake

Security updates have been issued by Debian (rear, runc, sudo, and zbar), Fedora (chromium, grub2, libebml, mingw-python-pygments, and python-aiohttp), Gentoo (FreeType, GNAT Ada Suite, Microsoft Edge, NBD Tools, OpenSSL, QtGui, SDDM, Wireshark, and Xen), Mageia (dracut, glibc, nss and firefox, openssl, packages, perl, and thunderbird), Slackware (libxml2), SUSE (java-11-openjdk, java-17-openjdk, perl, python-uamqp, slurm, and xerces-c), and Ubuntu (libssh and openssl).

Full Story (comments: none)

Kernel prepatch 6.8-rc3

[Kernel] Posted Feb 4, 2024 15:46 UTC (Sun) by corbet

The 6.8-rc3 kernel prepatch is out for testing. "A slightly larger rc3 than I'd have hoped for, although at this stage in the release process it's not something that really worries me yet."

Comments (none posted)

Phipps: The European regulators listened to the Open Source communities

[Briefs] Posted Feb 2, 2024 14:14 UTC (Fri) by corbet

Simon Phipps writes on the Open Source Initiative blog that the latest version of the European Cyber Resilience Act is much improved: "As a result of all this effort from so many people, the final text of the CRA mitigated pretty much all the risks we had identified to individual developers and to Open Source foundations."

Comments (28 posted)

Security updates for Friday

[Security] Posted Feb 2, 2024 14:09 UTC (Fri) by corbet

Security updates have been issued by Debian (chromium, man-db, and openjdk-17), Fedora (chromium, indent, jupyterlab, kernel, and python-notebook), Gentoo (glibc), Oracle (firefox, thunderbird, and tigervnc), Red Hat (rpm), SUSE (cpio, gdb, gstreamer, openconnect, slurm, slurm_18_08, slurm_20_02, slurm_20_11, slurm_22_05, slurm_23_02, squid, webkit2gtk3, and xerces-c), and Ubuntu (imagemagick and xorg-server, xwayland).

Full Story (comments: none)

Damn Small Linux 2024 released

[Distributions] Posted Feb 1, 2024 14:53 UTC (Thu) by corbet

A new version of the Damn Small Linux distribution has come out with an updated definition of "damn small":

"The new goal of DSL is to pack as much usable desktop distribution into an image small enough to fit on a single CD, or a hard limit of 700MB. This project is meant to service older computers and have them continue to be useful far into the future. Such a notion sits well with my values. I think of this project as my way of keeping otherwise usable hardware out of landfills."

Comments (4 posted)

Stable kernels 6.7.3, 6.6.15, and 6.1.76

[Kernel] Posted Feb 1, 2024 14:08 UTC (Thu) by jake

The 6.7.3, 6.6.15, and 6.1.76 stable kernels have been released. These contain a large number of important fixes throughout the tree, as is the norm.

Comments (none posted)

Security updates for Thursday

[Security] Posted Feb 1, 2024 13:57 UTC (Thu) by jake

Security updates have been issued by Debian (debian-security-support, firefox-esr, openjdk-11, and python-asyncssh), Fedora (glibc, python-templated-dictionary, thunderbird, and xorg-x11-server-Xwayland), Gentoo (Chromium, Google Chrome, Microsoft Edge and WebKitGTK+), Red Hat (firefox, gnutls, libssh, thunderbird, and tigervnc), SUSE (mbedtls, rear116, rear1172a, runc, squid, and tinyssh), and Ubuntu (glibc and runc).

Full Story (comments: none)

GNU C Library 2.39 released

[Development] Posted Jan 31, 2024 23:41 UTC (Wed) by corbet

Version 2.39 of the GNU C Library has been released. Changes include integration with the x86 shadow-stack mechanism, a couple of new posix_spawn() variants for working with control groups, pidfd_spawn() and pidfd_spawnp(), the C2X stdbit.h header, the removal of the libcrypt library, and more. See the release notes for details.

Comments (8 posted)

LibreOffice 24.2 Community released

[Development] Posted Jan 31, 2024 20:41 UTC (Wed) by corbet

Version 24.2 of the LibreOffice office suite is available. Changes include AutoRecovery enabled by default, styling of comments, better floating-table support, improved accessibility, and more. See the release notes for details.

Comments (19 posted)

A locally exploitable glibc vulnerability

[Security] Posted Jan 31, 2024 16:25 UTC (Wed) by corbet

Qualys has disclosed a vulnerability in the GNU C Library that can be exploited by a local attacker for root access. It was introduced in the 2.37 release, and also backported to 2.36.

"For example, we confirmed that Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39 are vulnerable to this buffer overflow. Furthermore, we successfully exploited an up-to-date, default installation of Fedora 38 (on amd64): a Local Privilege Escalation, from any unprivileged user to full root. Other distributions are probably also exploitable."

Vulnerable systems with untrusted users should probably be updated in a timely manner.

Comments (2 posted)



Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds