Critical Linux vulnerability imperils users, even after “silent” fix

For years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine.
