Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 12 min ago

Kernel page-table isolation merged

Saturday 30th of December 2017 03:45:00 PM
Linus has merged the kernel page-table isolation patch set into the mainline just ahead of the 4.15-rc6 release. This is a fundamental change that was added quite late in the development cycle; it seems a fair guess that 4.15 will have to go to -rc8, at least, before it's ready for release.

Stable kernels 4.14.10 and 4.9.73

Friday 29th of December 2017 06:18:35 PM
Greg Kroah-Hartman has announced the release of the 4.14.10 and 4.9.73 stable kernels. Both have fixes across the tree, though 4.14.10 is rather larger and contains more of the kernel page-table isolation work.

Security updates for Friday

Friday 29th of December 2017 04:23:10 PM
Security updates have been issued by Debian (imagemagick, mercurial, and thunderbird), Fedora (asterisk, libexif, python-mistune, sensible-utils, shellinabox, and webkitgtk4), Mageia (glibc, kernel-firmware, and phpmyadmin), and openSUSE (global).

Security updates for Wednesday

Wednesday 27th of December 2017 03:42:24 PM
Security updates have been issued by Fedora (asterisk, evince, lynx, ruby, sensible-utils, and shellinabox) and SUSE (GraphicsMagick and java-1_7_1-ibm).

salsa.debian.org (git.debian.org replacement) going into beta

Tuesday 26th of December 2017 04:42:21 PM
The Debian Project has been working on replacing git.debian.org with a GitLab based service at https://salsa.debian.org. Active Debian Developers already have accounts. "External users are invited to create an account on salsa. To avoid clashes with future Debian Developers, we are enforcing a '-guest' suffix for any guest username. Therefore we developed a self-service portal which allows non-Debian Developers to sign up, available at https://signup.salsa.debian.org. Please keep in mind that your username will have '-guest' appended."

Security updates for a holiday Monday

Monday 25th of December 2017 07:00:49 PM
Security updates have been issued by Debian (enigmail, gimp, irssi, kernel, rsync, ruby1.8, and ruby1.9.1), Fedora (json-c and kernel), Mageia (libraw and transfig), openSUSE (enigmail, evince, ImageMagick, postgresql96, python-PyJWT, and thunderbird), Slackware (mozilla), and SUSE (evince).

Some holiday stable kernel updates

Monday 25th of December 2017 04:43:11 PM
The 4.14.9, 4.9.72, 4.4.108, and 3.18.90 stable kernel updates have been released with a large set of important fixes. The 4.14.9 update includes the kernel page-table isolation precursor patches that also just landed in 4.15-rc5.

Kernel prepatch 4.15-rc5

Sunday 24th of December 2017 03:52:34 PM
The 4.15-rc5 kernel prepatch is out. "This (shortened) week ended up being fairly normal for rc5, with the exception of the ongoing merging of the x86 low-level prep for kernel page table isolation that continues and is noticeable. In fact, about a third of the rc5 patch is x86 updates due to that."

Privilege escalation via eBPF in Linux 4.9 and beyond

Friday 22nd of December 2017 11:22:42 PM
Jann Horn has reported eight bugs in the eBPF verifier, one for the 4.9 kernel and seven introduced in 4.14, to the oss-security mailing list. Some of these bugs result in eBPF programs being able to read and write arbitrary kernel memory, thus can be used for a variety of ill effects, including privilege escalation. As Ben Hutchings notes, one mitigation would be to disable unprivileged access to BPF using the following sysctl: kernel.unprivileged_bpf_disabled=1. More information can also be found in this Project Zero bug entry. The fixes are not yet in the mainline tree, but are in the netdev tree. Hutchings goes on to say: "There is a public exploit that uses several of these bugs to get root privileges. It doesn't work as-is on stretch [Debian 9] with the Linux 4.9 kernel, but is easy to adapt. I recommend applying the above mitigation as soon as possible to all systems running Linux 4.4 or later."

[$] An introduction to the BPF Compiler Collection

Friday 22nd of December 2017 10:58:33 PM
In the previous article of this series, I discussed how to use eBPF to safely run code supplied by user space inside of the kernel. Yet one of eBPF's biggest challenges for newcomers is that writing programs requires compiling and linking to the eBPF library from the kernel source. Kernel developers might always have a copy of the kernel source within reach, but that's not so for engineers working on production or customer machines.

Judge rm -rf Grsecurity's defamation sue-ball against Bruce Perens (Register)

Friday 22nd of December 2017 08:42:06 PM
The Register reports that the grsecurity defamation suit filed against Bruce Perens has been tossed out of court. "On Thursday, the judge hearing the case, San Francisco magistrate judge Laurel Beeler, granted Peren's motion to dismiss the complaint while also denying – for now – his effort to invoke California's anti-SLAPP law."

FSF adds PureOS to list of endorsed GNU/Linux distributions

Friday 22nd of December 2017 08:17:41 PM
The Free Software Foundation (FSF) has announced that it added PureOS to its list of endorsed Linux distributions. "'PureOS is a GNU operating system that embodies privacy, security, and convenience strictly with free software throughout. Working with the Free Software Foundation in this multi-year endorsement effort solidifies our longstanding belief that free software is the nucleus for all things ethical for users. Using PureOS ensures you are using an ethical operating system, committed to providing the best in privacy, security, and freedom,' said Todd Weaver, Founder & CEO of Purism."

Moglen fires back at the Software Freedom Conservancy

Friday 22nd of December 2017 08:16:42 PM
Here's the latest from Eben Moglen on the Software Freedom Law Center's trademark attack against the Software Freedom Conservancy. "We propose a general peace, releasing all claims that the parties have against one another, in return for an iron-clad agreement for mutual non-disparagement, binding all the organizations and individuals involved, with strong safeguards against breach. SFLC will offer, as part of such an overall agreement, a perpetual, royalty-free trademark license for the Software Freedom Conservancy to keep and use its present name, subject to agreed measures to prevent confusion, and continued observance of the non-disparagement agreement."

In the spirit of non-disparagement, it also says: "In view of this evidence and the sworn pleading submitted by the Conservancy, we have now moved to amend our petition, to state as a second ground for the cancellation that the trademark was obtained by fraud."

Security updates for Friday

Friday 22nd of December 2017 02:55:46 PM
Security updates have been issued by Debian (bouncycastle, enigmail, and sensible-utils), Fedora (kernel), Mageia (dhcp, flash-player-plugin, glibc, graphicsmagick, java-1.8.0-openjdk, kernel, kernel-linus, kernel-tmb, mariadb, pcre, rootcerts, rsync, shadow-utils, and xrdp), and SUSE (java-1_8_0-ibm and kernel).

More in Tux Machines

Android Leftovers

My Linux story: Coding not required

For more than 15 years, I have earned a living working exclusively with open source products. How did I get here? In many ways, my journey started before Linux existed. In college, I had friends who were admins in the engineering computer lab. Although I did not do too well in my CS programming classes, as a hobby and to spend time with my friends I learned about newgroups, ftp sites, and Unix systems. As a data aide student intern, I realized I made a good translator between the astronomers and the C programmer computer support staff. I could read just enough code to identify the problem, but not enough to actually fix it. Read more

Amazing Facts about Linux Operating System You Probably Don't Know

It was almost 30 years ago when the first version of Linux came into the market and since then, this operating system has made its important stature beside Microsoft Windows. Linux has turned out to be one of the most acknowledged and extensively used operating system. Enthused by UNIX, Linux has smartly managed to attract a lot of tech giants such as Facebook, Google, Yahoo, Twitter, Amazon, and much more. However, when it comes to assessing the exact rate of adoption of Linux in the market, the task is a bit tough since the sources to get copies are wide in number. Appreciating workers' and developers' hard-work, Linux has been designed in such a way that exploring and learning things on this operating system has become quite captivating and enthralling. In this post, let's know more about amazing features and facts of this operating system. Read more

Red Hat News