Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 24 min ago

[$] A filesystem corruption bug breaks loose

Monday 10th of December 2018 05:58:42 PM
Kernel bugs can have all kinds of unfortunate consequences, from inconvenient crashes to nasty security vulnerabilities. Some of the most feared bugs, though, are those that corrupt data in filesystems. The losses imposed on users can be severe, and the resulting problems may not be noticed for a long time, making recovery difficult. Filesystem developers, knowing that they will have to face their users in the real world, go to considerable effort to prevent this kind of bug from finding its way into a released kernel. A recent failure in that regard raises a number of interesting questions about how kernel development is done.

Security updates for Monday

Monday 10th of December 2018 03:57:17 PM
Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml).

Kernel prepatch 4.20-rc6

Monday 10th of December 2018 07:52:47 AM
The 4.20-rc6 kernel prepatch is out for testing. "Most of it looks pretty small and normal. Would I have preferred for there to be less churn? Yes. But it's certainly smaller than rc5 was, so we're moving in the right direction, and we have at least one more rc to go."

More stable kernel updates

Saturday 8th of December 2018 06:34:40 PM
The stable kernel process continues to churn out releases; 4.19.8, 4.14.87, and 4.9.144 are now available with another set of important fixes.

[$] Kernel quality control, or the lack thereof

Friday 7th of December 2018 06:28:33 PM
Filesystem developers tend toward a high level of conservatism when it comes to making changes; given the consequences of mistakes, this seems like a healthy survival trait. One might rightly be tempted to regard a recent disagreement over the backporting of filesystem-related fixes to the stable kernels as an example of this conservatism, but there is more to it. The kernel development process has matured in many ways over the years; perhaps this discussion hints at some of the changes that will be needed to continue that maturation in the future.

Security updates for Friday

Friday 7th of December 2018 04:05:09 PM
Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack).

[$] Toward race-free process signaling

Thursday 6th of December 2018 06:51:45 PM
Signals have existed in Unix systems for years, despite the general consensus that they are an example of a bad design. Extensions and new ways of using signals pop up from time to time, fixing the issues that have been found. A notable addition was the introduction of signalfd() nearly 10 years ago. Recently, the kernel developers have discussed how to avoid race conditions related to process-ID (PID) recycling, which occurs when a process terminates and another one is assigned the same PID. A process that fails to notice that its target has exited may try to send a signal to the wrong recipient, with potentially grave consequences. A patch set from Christian Brauner is trying to solve the issue by adding signaling via file descriptors.

Microsoft's Edge browser moving to Chromium

Thursday 6th of December 2018 05:35:39 PM
Microsoft has announced that its "Edge" browser is joining the Chromium world. "Today we’re announcing that we intend to adopt the Chromium open source project in the development of Microsoft Edge on the desktop to create better web compatibility for our customers and less fragmentation of the web for all web developers. As part of this, we intend to become a significant contributor to the Chromium project, in a way that can make not just Microsoft Edge — but other browsers as well — better on both PCs and other devices."

Security updates for Thursday

Thursday 6th of December 2018 02:42:13 PM
Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE ( aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin).

[$] LWN.net Weekly Edition for December 6, 2018

Thursday 6th of December 2018 01:35:19 AM
The LWN.net Weekly Edition for December 6, 2018 is available.

Videos from the Linux Plumbers Conference

Wednesday 5th of December 2018 08:49:01 PM
Videos from the 2018 Linux Plumbers Conference (November 13-15, Vancouver) have now been posted for all sessions, including the Kernel Summit and Networking tracks. They can be found by going to the detailed schedule and clicking on the session of interest.

[$] Investigating GitLab

Wednesday 5th of December 2018 08:10:42 PM

Daniel Vetter began his talk in the refereed track of the 2018 Linux Plumbers Conference (LPC) by noting that it would be in a somewhat similar vein to other talks he has given, since it is about tooling and workflows that are outside of the kernel norm. But, unlike those other talks that concerned changes that had already taken place, this talk was about switching open-source graphics projects to using a hosted version of GitLab, which has not yet happened. In it, he wanted to share his thoughts about why he thinks migrating to GitLab makes sense for the kernel graphics community—and maybe the kernel as a whole.

Stable kernel updates

Wednesday 5th of December 2018 08:09:37 PM
Stable kernels 4.19.7, 4.14.86, and 4.9.143 have been released, with the usual set of important fixes throughout the tree.

Security updates for Wednesday

Wednesday 5th of December 2018 03:54:19 PM
Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby).

Critical Kubernetes privilege escalation disclosed

Tuesday 4th of December 2018 07:00:57 PM
A critical flaw in the Kubernetes container orchestration system has been announced. It will allow any user to compromise a Kubernetes cluster by way of exploiting any aggregated API server that is deployed for it. This affects all Kubernetes versions 1.0 to 1.12, but is only fixed in the supported versions (in 1.10.11, 1.11.5, and 1.12.3). "With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection. [...] In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation. [...] There is no simple way to detect whether this vulnerability has been used. Because the unauthorized requests are made over an established connection, they do not appear in the Kubernetes API server audit logs or server log. The requests do appear in the kubelet or aggregated API server logs, but are indistinguishable from correctly authorized and proxied requests via the Kubernetes API server." Kubernetes users should obviously update as soon as possible.

[$] Unexpected fallout from /usr merge in Debian

Tuesday 4th of December 2018 06:41:24 PM

Back in 2011, Harald Hoyer and Kay Sievers came up with a proposal for Fedora to merge much of the operating system into /usr; former top-level directories, /bin, /lib, and /sbin, would then become symbolic links pointing into the corresponding subdirectories of /usr. Left out of the merge would be things like configuration files in /etc, data in /var, and user home directories. This change was aimed at features like atomic upgrades and easy snapshots. The switch to a merged /usr was successful for Fedora 17; many other distributions (Arch, OpenSUSE, Mageia, just to name a few) have followed suit. More recently, Debian has been working toward a merged /usr, but it ran into some surprising problems that are unique to the distribution.

Security updates for Tuesday

Tuesday 4th of December 2018 04:16:40 PM
Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, linux-gcp, perl, and poppler).

[$] Bounded loops in BPF programs

Monday 3rd of December 2018 10:45:39 PM
The BPF verifier is charged with ensuring that any given BPF program is safe for the kernel to load and run. Programs that fail to terminate are clearly unsafe, as they present an opportunity for denial-of-service attacks. In current kernels, the verifier uses a heavy-handed technique to block such programs: it disallows any program containing loops. This works, but at the cost of disallowing a wide range of useful programs; if the verifier could determine whether any given loop would terminate within a bounded time, this restriction could be lifted. John Fastabend presented a plan for doing so during the BPF microconference at the 2018 Linux Plumbers Conference.

CentOS Linux 7.6 (1810) released

Monday 3rd of December 2018 07:47:54 PM
CentOS has released CentOS Linux 7.6 (1810). "Updates released since the upstream release are all posted, across all architectures. We strongly recommend every user apply all updates, including the content released today, on your existing CentOS Linux 7 machine by just running 'yum update'." See the release notes for more information.

Security updates for Monday

Monday 3rd of December 2018 04:23:15 PM
Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel).

More in Tux Machines

Winterize your Bash prompt in Linux

Hello once again for another installment of the Linux command-line toys advent calendar. If this is your first visit to the series, you might be asking yourself what a command-line toy even is? Really, we're keeping it pretty open-ended: It's anything that's a fun diversion at the terminal, and we're giving bonus points for anything holiday-themed. Maybe you've seen some of these before, maybe you haven't. Either way, we hope you have fun. Read more

GNOME Devs Experiment with a Refreshed GTK & Icon Theme

Now, if you’re a regular reader of this site then may recall our post on a new GNOME icon theme back in July. At the time only a handful of core GNOME apps had been given newly redesigned icons. Fast forward a season or so and not only is the give-core-apps-new-icons initiative well underway, but the redesign effort has extended to other parts of the desktop experience, including the default theme. Modernising the look and feel of GNOME apps and the shell is a) a bit overdue and b) happening as part of a wider update to GNOME design guidelines. The idea is to give the desktop a distinct yet consistent appearance. Read more

Programming: Python, Mozilla and HowTos

Open source autonomous driving project to build on 96Boards SBCs

Linaro, Tier IV, and Apex.AI have co-founded an Autoware Foundation to establish an open source platform for autonomous vehicles built around Tier IV’s Linux/ROS based Autoware stack and some future 96Boards SBCs. Japan-based intelligent vehicle technology company Tier IV has joined with Arm-backed Linaro and autonomous driving software firm Apex-AI to launch the Autoware Foundation. The not-for-profit organization will develop open source hardware and software built around the Linux and ROS based Autoware software developed by Tier IV, which sells small electrical vehicles (EVs) that run Autoware. Read more