
Brief items

Security

A GCC -fstack-protector vulnerability on arm64

The GCC stack-protector feature detects stack-based buffer overruns by putting a canary value on the stack and noticing if that value is changed. It turns out, though, that dynamically allocated local variables (such as variable-length arrays and space obtained with alloca()) are placed beyond the canary, so overflows of those variables will not be detected. As a result, arm64 binaries built with vulnerable versions of GCC are not as protected as they should be and need to be rebuilt.

Dynamic allocations are just as susceptible to overflows as other locals. In fact, they're arguably more susceptible because they're almost always arrays, whereas fixed locals are often integers, pointers, or other types to which variable-length data is never written. GCC's own heuristics for when to use a stack guard reflect this.

Kees Cook, meanwhile, has pointed out that the kernel no longer uses variable-length arrays, so kernel builds should not be affected by this vulnerability.

Google bakes a user-tracking ad platform directly into Chrome (Ars Technica)

This Ars Technica article looks at the widespread deployment of Google's "privacy sandbox" in the Chrome browser:

If you haven't been following this, this feature will track the web pages you visit and generate a list of advertising topics that it will share with web pages whenever they ask, and it's built directly into the Chrome browser. It's been in the news previously as "FLoC" and then the "Topics API," and despite widespread opposition from just about every non-advertiser in the world, Google owns Chrome and is one of the world's biggest advertising companies, so this is being railroaded into the production builds.

For those who use Chrome anyway, there are instructions on how to disable this functionality.

Password-stealing Linux malware served for 3 years and no one noticed (Ars Technica)

Ars Technica reports on a credential-stealing Trojan horse that would infect only some of those who installed the "Free Download Manager". The article is based on a Kaspersky report that details the malicious payload offered up at that site from 2020 to 2022.

The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.
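A defender's check prompted by the persistence mechanism described above, added here as an example that is not part of the Ars Technica or Kaspersky reporting: it parses crontab entries and flags any job whose executable lives in a world-writable scratch directory. The sample crontab, including the `*/10 * * * * /var/tmp/crond` entry, is constructed to match the description.

```python
from dataclasses import dataclass

# Constructed sample crontab (not taken from the report): one benign entry,
# one that mimics the described persistence (a binary under /var/tmp run
# every 10 minutes), and one @-style entry.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/apt-get update
*/10 * * * * /var/tmp/crond
@reboot /home/user/bin/backup.sh
"""

# World-writable scratch locations a persistent job should not normally run from.
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


@dataclass
class CronFinding:
    line_no: int
    schedule: str
    command: str
    reason: str


def parse_cron_line(line):
    """Return (schedule, command) for a crontab entry, or None for blank/comment."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    if stripped.startswith("@"):          # @reboot, @hourly, ...: one schedule token
        parts = stripped.split(None, 1)
        return tuple(parts) if len(parts) == 2 else None
    parts = stripped.split(None, 5)       # five time fields, then the command
    if len(parts) < 6:
        return None
    return (" ".join(parts[:5]), parts[5])


def scan_crontab(text):
    """Flag entries whose executed program sits in a suspect directory."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_cron_line(line)
        if parsed is None:
            continue
        schedule, command = parsed
        program = command.split()[0]      # the program actually executed
        for d in SUSPECT_DIRS:
            if program.startswith(d):
                findings.append(CronFinding(no, schedule, command, f"executable under {d}"))
    return findings


if __name__ == "__main__":
    for f in scan_crontab(SAMPLE_CRONTAB):
        print(f"line {f.line_no}: {f.schedule!r} runs {f.command!r} ({f.reason})")
```

The same scan can be run over `/etc/crontab`, `/etc/cron.d/*` and each user's crontab output; the finding for the constructed sample is the `/var/tmp/crond` entry on line 3.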

Security quotes of the week

An LLM with access to your past conversations and tools like calorie calculators, a restaurant menu database, and your digital payment wallet could feasibly judge that you are trying to lose weight and want a low-calorie option, find the nearest restaurant with toppings you like, and place the delivery order. If it has access to your payment history, it could even guess at how generously you usually tip. If it has access to the sensors on your smartwatch or fitness tracker, it might be able to sense when your blood sugar is low and order the pie before you even realize you're hungry.

[...] It's easy to see how this kind of tool use comes with tremendous risks. Imagine an LLM being able to find someone's phone number, call them and surreptitiously record their voice, guess what bank they use based on the largest providers in their area, impersonate them on a phone call with customer service to reset their password, and liquidate their account to make a donation to a political party. Each of these tasks invokes a simple tool—an Internet search, a voice synthesizer, a bank app—and the LLM scripts the sequence of actions using the tools.

Bruce Schneier and Nathan Sanders

It is so alarming because software is written, and it raises a significant First Amendment problem for the government to dictate how anything should be expressed, regardless how correct or well-intentioned the government may be. Like a book or newspaper, software is something that is also expressed through language and expressive choices; there is not just one correct way to write a program that does something, but rather an infinite number of big and little structural and language decisions made along the way. But this proposal basically ignores the creative aspect to software development (indeed, software is even treated as eligible for copyright protection as an original work of authorship). Instead it treats it more like a defectively-made toaster than a book or newspaper, replacing the independent expressive judgment of the software developer with the government's. Courts have also recognized the expressive quality to software, so it would be quite a sea change if the Constitution somehow did not apply to this particular form of expression. And such a change would have huge implications, because cybersecurity is not the only reason that the government keeps proposing to regulate software design. The White House proposal would seem to bless all these attempts, no matter how ill-advised or facially censorial, by not even contemplating the constitutional hurdles any legal regime to regulate software design would need to hurdle.
Cathy Gellis

Kernel development

Kernel release status

The current development kernel is 6.6-rc1, released on September 10. Linus said:

All the stats for 6.6 look fairly normal so far - as always, the bulk of the patch is drivers (a bit of everything, but networking and gpu are the two biggest areas), with arch updates coming in as a notable second, and then we have tooling and documentation.

Stable updates: the large 6.5.3, 6.4.16, and 6.1.53 updates were released on September 13. Note that the 6.4.x line ends with 6.4.16.

Quotes of the week

I seem to get daily requests from AI people for me to tell them just how AI could help Linux. When I suggest bug report triage and classification would be my number one thing, they all back off faster than a mouse crashing a cat convention with claims like "That's too hard a problem" and also that in spite of ChatGPT getting its facts wrong and spewing rubbish for student essays, it wouldn't survive the embarrassment of being ridiculed by kernel developers for misclassifying bug reports.
James Bottomley

This isn't the wild west here; this is a room full of professional engineers. Defining new processes and policies to make things easier, take less resources, cause less friction, make operations more efficient, etc is part of what we are supposed to do. Not everything can be solved with code; the lack of defined processes for making major changes is the biggest single issue leading to the problems we have right now.
Dave Chinner

If you are on Gmail and doing kernel dev, might be worth looking at other email providers.
John "Warthog9" Hawley

Distributions

Ubuntu to add TPM-backed full-disk encryption

The Ubuntu blog has a detailed article on plans to add full-disk encryption, with the key stored in the system's trusted platform module (TPM), to the desktop distribution.

In order to deliver these benefits, the implementation of TPM-backed FDE relies on two main design principles. First, it seals the FDE secret key to the full EFI state, including the kernel command line. Second, access to the decryption key will only be permitted if and when the device boots software that has been defined as authorised to access the confidential data. This is when the initrd code will unseal the key in the secure-boot protected kernel.efi at boot time.

Development

Benjamin: Towards a new SymPy

In a series of posts on his blog, Oscar Benjamin looks at SymPy, which is a Python-based symbolic-mathematics library. In the first article, he outlines the "big changes for SymPy with particular focus on speed". The second covers polynomial handling; subsequent articles will examine other pieces of the puzzle.
I will be writing this in a series of blog posts. This first post will outline the structure of the foundations of a computer algebra system (CAS) like SymPy, describe some problems SymPy currently has and what can be done to address them. Then subsequent posts will focus in more detail on particular components and the work that has been done and what should be done in the future.

Page editor: Jake Edge

Copyright © 2023, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds