
Brief items

Security

Cook: security things in Linux v5.4

A bit belatedly, Kees Cook looks at some security-relevant changes in Linux 5.4 in a blog post. He lists a small handful of changes, including: "After something on the order of 8 years, Linux can now draw a bright line between 'ring 0' (kernel memory) and 'uid 0' (highest privilege level in userspace). The 'kernel lockdown' feature, which has been an out-of-tree patch series in most Linux distros for almost as many years, attempts to enumerate all the intentional ways (i.e. interfaces not flaws) userspace might be able to read or modify kernel memory (or execute in kernel space), and disable them. While Matthew Garrett made the internal details fine-grained controllable, the basic lockdown LSM can be set to either disabled, 'integrity' (kernel memory can be read but not written), or 'confidentiality' (no kernel memory reads or writes). Beyond closing the many holes between userspace and the kernel, if new interfaces are added to the kernel that might violate kernel integrity or confidentiality, now there is a place to put the access control to make everyone happy and there doesn't need to be a rehashing of the age-old fight between 'but root has full kernel access' vs 'not in some system configurations'."
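As an added example (not from Kees Cook's post or from LWN), a POSIX shell script that reads the current lockdown mode from securityfs and states what each mode means for uid 0. The path and the bracketed output format are the kernel's own; note that the kernel spells the "disabled" mode "none".

```shell
#!/bin/sh
# Report the kernel lockdown LSM mode (Linux 5.4+). The securityfs file
# lists the three modes with the active one in brackets, for example:
#   none [integrity] confidentiality
LOCKDOWN_FILE=/sys/kernel/security/lockdown

# lockdown_mode LINE: print the bracketed (active) mode from a lockdown line.
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# lockdown_assessment MODE: what uid 0 can still do to kernel memory.
lockdown_assessment() {
    case "$1" in
        none)            echo "no lockdown: uid 0 can read and modify kernel memory" ;;
        integrity)       echo "integrity: kernel memory readable, not writable" ;;
        confidentiality) echo "confidentiality: kernel memory neither readable nor writable" ;;
        *)               echo "unknown lockdown mode: $1"; return 1 ;;
    esac
}

# lockdown_rank MODE: numeric strength of a mode (-1 for unknown).
lockdown_rank() {
    case "$1" in
        none) echo 0 ;; integrity) echo 1 ;; confidentiality) echo 2 ;; *) echo -1 ;;
    esac
}

# lockdown_meets MODE REQUIRED: succeed if MODE is at least as strict as REQUIRED,
# e.g. for a compliance check that demands 'integrity' on production hosts.
lockdown_meets() {
    [ "$(lockdown_rank "$1")" -ge "$(lockdown_rank "$2")" ]
}

if [ -r "$LOCKDOWN_FILE" ]; then
    mode=$(lockdown_mode "$(cat "$LOCKDOWN_FILE")")
    lockdown_assessment "$mode"
else
    echo "$LOCKDOWN_FILE not present: lockdown LSM not built in, or securityfs not mounted"
fi
```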


OpenSSH 8.2 released

OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm, which may disrupt connectivity to older servers; see the announcement for a way to check whether a given server can handle newer, more secure algorithms. Also new in this release is support for FIDO/U2F hardware tokens.


The Linux Foundation and Harvard’s Lab for Innovation Science release census for open-source software security

The Linux Foundation's Core Infrastructure Initiative and Harvard University's Lab for Innovation Science have teamed up on a census of the most critical open-source components in today's production applications. The report [PDF], titled "Vulnerabilities in the core", identified more than 200 projects and details 20 of them. More information can be found in the press release and, of course, the report. "This Census II analysis and report represent important steps towards understanding and addressing structural and security complexities in the modern day supply chain where open source is pervasive, but not always understood. Census II identifies the most commonly used free and open source software (FOSS) components in production applications and begins to examine them for potential vulnerabilities, which can inform actions to sustain the long-term security and health of FOSS. Census I (2015) identified which software packages in the Debian Linux distribution were the most critical to the kernel’s operation and security."


Security quote of the week

In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called “Voatz.” Although there is no public formal description of Voatz’s security model, the company claims that election security and integrity are maintained through the use of a permissioned blockchain, biometrics, a mixnet, and hardware-backed key storage modules on the user’s device. In this work, we present the first public security analysis of Voatz, based on a reverse engineering of their Android application and the minimal available documentation of the system. We performed a cleanroom reimplementation of Voatz’s server and present an analysis of the election process as visible from the app itself.

We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user's vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user's secret ballot. We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality. Our findings serve as a concrete illustration of the common wisdom against Internet voting, and of the importance of transparency to the legitimacy of elections.

Michael A. Specter, James Koppel, and Daniel Weitzner [PDF]


Kernel development

Kernel release status

The current development kernel is 5.6-rc2, released on February 16. Linus said: "More than half the rc2 patch is actually Documentation updates, because the kvm docs got turned into RST. Another notable chunk is just tooling updates, which is about 50/50 perf updates (much of it due to header file syncing) and - again - kvm".

Stable updates: 5.5.4, 5.4.20, 4.19.104, 4.14.171, 4.9.214, and 4.4.214 were all released on February 14. 5.5.5, 5.4.21, and 4.19.105 were released on February 19.


Quotes of the week

The "community as a whole" is not a person and does not have a coherent opinion. You will never please everyone and as you've suggested below, it can be hard to tell how strongly people really hold the opinions they reveal.

You need to give up trying to please "the community", but instead develop your own sense of taste that aligns with the concrete practice of the community, and then please yourself. [...]

Your goal isn't to ensure everyone is happy, only to ensure that no-one is justifiably angry.

Neil Brown

In reality, anyone who can use git and has a decent understanding of the code base, team rules and git workflow can perform the Release Lead role. But a fair few people have said they don't want to do it because they are scared of making a mistake and being yelled at by Our Mighty Leaders.

That is a result of the fact that a Linux Maintainer is seen as a _powerful position_ because of the _control and influence_ it gives that person. It's also treated like an exclusive club (e.g. invite-only conferences for Maintainers) and it's effectively a "job for life". i.e. Once people get to this level, they don't want to step away from the role even if they are bad at it or it stresses them out severely. How many people do you know who have voluntarily given up a Maintainer position because they really didn't want to do it or they thought someone else could do a better job?

Dave Chinner


Distributions

NetBSD 9.0 released

The NetBSD 9.0 release is out. "This is the seventeenth major release of the NetBSD operating system and brings significant improvements in terms of hardware support, quality assurance, security, along with new features and hundreds of bug fixes." Significant new features include Arm64 support, better virtualization support, kernel address-space layout randomization, and more; see the release notes for details.


Distribution quote of the week

PS: Debian-devel is likely the wrong place to redesign C/POSIX functions.

Anthony DeRobertis


Development

Development quote of the week

I think a part of the reason why more designers don't contribute to open source is that often it requires you to rethink the entire product from the ground up and make changes that require someone else to do a lot of work. And maybe even remove features that [are] blocking a good experience. That's actually how I start every project I work on, I dig in and question everything and make sure to strip it down to its bare bones and build it back up with a clear focus.

I think removing features is possibly one of the hardest things to do for an open source project because there will always be that one guy who really, really, really wants that feature and will be very vocal about it. For a project with a financial incentive, this is an easy decision to make. But for an open source project, this can lead to an endless discussion spanning many months. On top of that, someone may have put a lot of work into building that feature and might feel insulted if it is deleted. All this can lead to a lot of resentment and drain the energy out of the project.

Gilli


Page editor: Jake Edge


Copyright © 2020, Eklektix, Inc.