Brief items
Security
Cook: security things in Linux v5.2
Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2. "While the SLUB and SLAB allocator freelists have been randomized for a while now, the overarching page allocator itself wasn't. This meant that anything doing allocation outside of the kmem_cache/kmalloc() would have deterministic placement in memory. This is bad both for security and for some cache management cases. Dan Williams implemented this randomization under CONFIG_SHUFFLE_PAGE_ALLOCATOR now, which provides additional uncertainty to memory layouts, though at a rather low granularity of 4MB (see SHUFFLE_ORDER). Also note that this feature needs to be enabled at boot time with page_alloc.shuffle=1 unless you have direct-mapped memory-side-cache (you can check the state at /sys/module/page_alloc/parameters/shuffle)."
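The boot parameter and sysfs check that Cook mentions, turned into a small audit script. This is an added example, not code from the LWN item or from Cook's post; the file paths are function arguments so the check can be exercised offline against constructed files, and default to the real locations.

```shell
#!/bin/sh
# Added example: report whether Linux 5.2's page allocator shuffling
# (CONFIG_SHUFFLE_PAGE_ALLOCATOR) is active on this kernel.

# Prints enabled / disabled / unavailable. "unavailable" means the module
# parameter does not exist: kernel older than 5.2 or built without the option.
shuffle_status() {
    sysfs="${1:-/sys/module/page_alloc/parameters/shuffle}"
    if [ ! -r "$sysfs" ]; then
        echo unavailable
        return 0
    fi
    # The parameter is a bool; sysfs shows it as Y or N.
    case "$(cat "$sysfs")" in
        Y|y|1) echo enabled ;;
        *)     echo disabled ;;
    esac
}

# Succeeds (exit 0) if page_alloc.shuffle=1 was passed on the kernel command line.
cmdline_requests_shuffle() {
    cmdline="${1:-/proc/cmdline}"
    [ -r "$cmdline" ] && grep -qw 'page_alloc.shuffle=1' "$cmdline"
}

# One-line verdict for a hardening audit: $1 = sysfs path, $2 = cmdline path.
shuffle_verdict() {
    status=$(shuffle_status "$1")
    case "$status" in
        enabled)
            echo "OK: page allocator shuffling enabled"
            ;;
        disabled)
            if cmdline_requests_shuffle "$2"; then
                echo "WARN: page_alloc.shuffle=1 requested but shuffling is off"
            else
                echo "WARN: shuffling off; boot with page_alloc.shuffle=1 to enable it"
            fi
            ;;
        *)
            echo "INFO: no shuffle parameter (kernel < 5.2 or option not built)"
            ;;
    esac
}

shuffle_verdict "$@"
```

Run with no arguments on a live system to audit it; on a machine with a direct-mapped memory-side cache the kernel enables shuffling itself, so "enabled" may appear without the boot parameter.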
Security quotes of the week
The best way out of Facebook's dominance is to have it give up total control over the data it collects. But, here, the FTC has done the reverse. It has given Facebook more control over the data it collects in the name of "protecting" privacy. This is backwards. Rather than saying that Facebook shouldn't be the one protecting all that data, the FTC is just saying "protect it better, and don't let any other service be allowed to come in and do anything." And that includes the kinds of competitive services that are necessary to eat away at Facebook's position.
— Mike Masnick
With this change, we can finally have a sensible policy conversation. Yes, adding a backdoor increases our collective security because it allows law enforcement to eavesdrop on the bad guys. But adding that backdoor also decreases our collective security because the bad guys can eavesdrop on everyone. This is exactly the policy debate we should be having, not the fake one about whether or not we can have both security and surveillance.
— Bruce Schneier
Kernel development
Kernel release status
The current development kernel is 5.3-rc1, released on July 21. Linus said: "Anyway, despite the rocky start, and the big size, things mostly smoothed out towards the end of the merge window. And there's a lot to like in 5.3".
Stable updates: 5.2.2, 5.1.19, 4.19.60, 4.14.134, 4.9.186, and 4.4.186 were released on July 21.
The massive 5.2.3 (413 patches), 5.1.20 (371 patches), and 4.19.61 (271 patches) updates are in the review process; they are due on July 26.
Distributions
Introducing Fedora CoreOS
Fedora Magazine covers the first preview release of Fedora CoreOS, a new Fedora edition built specifically for running containerized workloads. "It's the successor to both Fedora Atomic Host and CoreOS Container Linux. Fedora CoreOS combines the provisioning tools, automatic update model, and philosophy of Container Linux with the packaging technology, OCI support, and SELinux security of Atomic Host."
Page editor: Jake Edge