Brief items
Security
Conill: Rethinking sudo with object capabilities
Ariadne Conill is exploring a capability-based approach to privilege escalation on Linux systems.
Inspired by the object-capability model, I've been working on a project named capsudo. Instead of treating privilege escalation as a temporary change of identity, capsudo reframes it as a mediated interaction with a service called capsudod that holds specific authority, which may range from full root privileges to a narrowly scoped set of capabilities depending on how it is deployed.
Kernel development
Kernel release status
The current development kernel is 6.19-rc1, released on December 14. Linus said:
So it's Sunday afternoon in the part of the world where I am now, so if somebody was looking at trying to limbo under the merge window timing with one last pull request and is taken by surprise by the slightly unusual timing of the rc1 release, that failed.
Teaching moment, or random capricious acts? You be the judge.
Stable updates: 6.18.1, 6.17.12, and 6.12.62 were released on December 12.
The 6.18.2, 6.17.13, and 6.12.63 updates are in the review process; they are due on December 18.
Quotes of the week
Rust is not a "silver bullet" that can solve all security problems, but it sure helps out a lot and will cut out huge swatches of Linux kernel vulnerabilities as it gets used more widely in our codebase.
That being said, we just assigned our first CVE for some Rust code in the kernel: https://lore.kernel.org/all/2025121614-CVE-2025-68260-558d@gregkh/ where the offending issue just causes a crash, not the ability to take advantage of the memory corruption, a much better thing overall.
Note the other 159 kernel CVEs issued today for fixes in the C portion of the codebase, so as always, everyone should be upgrading to newer kernels to remain secure overall.
— Greg Kroah-Hartman
If you can't convince the [Linux security module] people to take your code, you sure can't convince me.
I already think we have too many of those pointless things. There's a fine line between diversity and "too much confusion because everybody thinks they know best". And the linux security modules passed that line years ago.
— Linus Torvalds
Distributions
Asahi Linux 6.18 progress report
The Asahi Linux project has published its progress report following the release of Linux 6.18. This time around the project reports progress on many fronts, including microphone support for M2 Pro/Max MacBooks, work queued for Linux 6.19 to support USB3 via the USB-C ports, and work to improve the Asahi Linux installation experience. The project is also enabling additional System Management Controller (SMC) drivers, which means that "the myriad voltage, current, temperature and power sensors controlled by the SMC will be readable using the standard hwmon interfaces".
Pop!_OS 24.04 LTS released
Version 24.04 LTS of the Ubuntu-based Pop!_OS distribution has been released with the COSMIC Desktop Environment:
Today is special not only in that it's the culmination of over three years of work, but even more so in that System76 has built a complete desktop environment for the open source community. We're proud of this contribution to the open source ecosystem. COSMIC is built on the ethos that the best open source projects enable people to not only use them, but to build with them. COSMIC is modular and composable. It's the flagship experience for Pop!_OS in its own way, and can be adapted by anyone that wants to build their own unique user experience for Linux.
In addition to the COSMIC desktop environment, Pop!_OS is now available for Arm computers with the 24.04 LTS release, and the distribution has added hybrid graphics support for better battery life. LWN covered an alpha version of COSMIC in August 2024.
Announcing Vojtux: a Fedora-based accessible Linux distribution
Vojtěch Polášek has announced an unofficial effort to create a Fedora-based distribution designed for visually impaired users:
My ultimate vision for this project is "NO VOJTUX NEEDED!" because I believe Fedora should eventually be fully accessible out of the box. We aren't there yet, which is where Vojtux comes in to fill the gap. [...]
Key Features:
- Speaks out of the box: When the live desktop is ready, Orca starts automatically. After installation, it is configured so that it starts on the login screen and also after logging in.
- Batteries included: Comes with LIOS, Ocrdesktop, Tesseract, Audacity, and command-line tools like Git and Curl. There are also many preconfigured keyboard shortcuts.
See the repository for instructions on getting the image.
Distributions quote of the week
Wondering when it is the best time to test the kernel to prevent Linux Kernel regressions from hitting Arch Linux, Fedora Linux, or openSUSE Tumbleweed?
It's now, as the first pre-release of #Linux 6.19 is out – which leaves plenty of time to find, report, debug, and fix any problems that those distros otherwise will encounter when they switch to 6.19.y in about eight to ten weeks. And testing is not even hard, as easy-to-install packages with pre-built mainline kernels exist for all three distros.
In case you want to play it a bit safer, delay testing by one week till -rc2 is out – bugs that lead to data loss introduced before -rc1 are extremely rare but will almost certainly have been found and fixed by then.
Anything up to 6.19-rc6 (five weeks from now) is still okayish, but less ideal.
The sixth -rc is your last good chance to test. Linus by then wants all regressions that have become known since the beginning of the 6.19 cycle fixed – but in case some were missed or not reported yet, there is still enough time to report, debug, and fix them before they reach those distros.
Testing any later is often too late: most bugs then can't be fixed anymore before those distros will switch to the 6.19.y series, which will happen within one or two weeks (in the case of Arch and Tumbleweed) or three to four (Fedora) after 6.19 is released.
— Thorsten Leemhuis
Development
KDE Gear 25.12 released
KDE has announced the release of KDE Gear 25.12. This release adds more "extractors" to the Itinerary travel-assistant application, improved Git support in the Kate text editor, better PDF export in Konqueror, and much more. See the changelog for all new features, improvements, and bug fixes.
Mozilla gets a new CEO: Anthony Enzor-DeMeo
Mozilla has announced a new CEO, Anthony Enzor-DeMeo. Prior to becoming CEO, Enzor-DeMeo was general manager of Firefox and led its "vision, strategy, and business performance". He has published a blog post about taking over from interim CEO Laura Chambers, and his plans for Mozilla and Firefox:
As Mozilla moves forward, we will focus on becoming the trusted software company. This is not a slogan. It is a direction that guides how we build and how we grow. It means three things.
- First: Every product we build must give people agency in how it works. Privacy, data use, and AI must be clear and understandable. Controls must be simple. AI should always be a choice — something people can easily turn off. People should know why a feature works the way it does and what value they get from it.
- Second: our business model must align with trust. We will grow through transparent monetization that people recognize and value.
- Third: Firefox will grow from a browser into a broader ecosystem of trusted software. Firefox will remain our anchor. It will evolve into a modern AI browser and support a portfolio of new and trusted software additions.
Rust 1.92.0 released
Version 1.92.0 of the Rust language has been released. This release includes a number of stabilized APIs, emits unwind tables by default on Linux, validates input to #[macro_export], and much more. See the separate release notes for Rust, Cargo, and Clippy.
Development quote of the week
The practice of software development is creating problems, solving them, and then doing it again, and again. This is called iterative development.
— Lars Wirzenius
Page editor: Daroc Alden
