LWN

Security updates for Friday

([Security] Nov 15, 2019 14:42 UTC (Fri) (jake))

Security updates have been issued by CentOS (kernel), Debian (ghostscript, mesa, and postgresql-common), Fedora (chromium, php-robrichards-xmlseclibs, php-robrichards-xmlseclibs3, samba, scap-security-guide, and wpa_supplicant), Mageia (cpio, fribidi, libapreq2, python-numpy, webkit2, and zeromq), openSUSE (ImageMagick, kernel, libtomcrypt, qemu, ucode-intel, and xen), Oracle (kernel), Red Hat (ghostscript, kernel, and kernel-rt), Scientific Linux (ghostscript and kernel), SUSE (bash, enigmail, ghostscript, ImageMagick, kernel, libjpeg-turbo, openconnect, and squid), and Ubuntu (ghostscript, imagemagick, and postgresql-common).

Cook: Security things in Linux v5.3

([Kernel] Nov 15, 2019 13:10 UTC (Fri) (corbet))

Kees Cook [1]catches up with the security improvements in the 5.3 kernel. " In recent exploits, one of the steps for making the attacker’s life easier is to disable CPU protections like Supervisor Mode Access (and Execute) Prevention (SMAP and SMEP) by finding a way to write to CPU control registers to disable these features. For example, CR4 controls SMAP and SMEP, where disabling those would let an attacker access and execute userspace memory from kernel code again, opening up the attack to much greater flexibility. CR0 controls Write Protect (WP), which when disabled would allow an attacker to write to read-only memory like the kernel code itself. Attacks have been using the kernel’s CR4 and CR0 writing functions to make these changes (since it’s easier to gain that level of execute control), but now the kernel will attempt to 'pin' sensitive bits in CR4 and CR0 to avoid them getting disabled. This forces attacks to do more work to enact such register changes going forward. "



[1] https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
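The quoted passage describes the mechanism but not its shape. Below is an added example, written for this page and not taken from the kernel or from Kees Cook's post: a userspace model of the CR0/CR4 pinning check. The control registers are ordinary variables here, and the write-check-rewrite structure follows native_write_cr4() in v5.3 as I recall it, which is an assumption; the bit positions are the architectural x86 ones.

```c
/* Added example: a userspace model of the CR0/CR4 "pinning" the article
 * describes.  Not kernel code: the registers are plain variables and the
 * write-check-rewrite shape mirrors native_write_cr4() in v5.3 as I recall
 * it (assumption).  Bit positions are the architectural x86 ones. */
#include <stdio.h>
#include <stdbool.h>

#define X86_CR0_PE    (1UL << 0)    /* Protection Enable */
#define X86_CR0_WP    (1UL << 16)   /* Write Protect: honour RO pages in ring 0 */
#define X86_CR0_PG    (1UL << 31)   /* Paging */
#define X86_CR4_PAE   (1UL << 5)
#define X86_CR4_UMIP  (1UL << 11)   /* User-Mode Instruction Prevention */
#define X86_CR4_PCIDE (1UL << 17)   /* Process-context identifiers */
#define X86_CR4_SMEP  (1UL << 20)   /* Supervisor Mode Execution Prevention */
#define X86_CR4_SMAP  (1UL << 21)   /* Supervisor Mode Access Prevention */

/* Simulated registers, stand-ins for the real CR0 and CR4. */
static unsigned long sim_cr0, sim_cr4;

/* Pinning state: CR4 bits that were set at boot and must stay set. */
static unsigned long cr4_pinned_bits;
static bool cr_pinning;

/* Models boot: enable the protections this "CPU" supports, then record
 * the ones to pin.  Returns the pinned mask (no UMIP on this CPU). */
static unsigned long boot(void)
{
    sim_cr0 = X86_CR0_PE | X86_CR0_PG | X86_CR0_WP;
    sim_cr4 = X86_CR4_PAE | X86_CR4_SMEP | X86_CR4_SMAP;
    cr4_pinned_bits = sim_cr4 & (X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP);
    cr_pinning = true;
    return cr4_pinned_bits;
}

/* The pinned write: the requested value lands first, the pinned bits are
 * checked, and any that went missing are put back by a second write.
 * Returns the mask of pinned bits the caller tried to clear; the kernel
 * WARN_ONCE()s when this is non-zero, which is the signal a defender wants. */
static unsigned long model_write_cr4(unsigned long val)
{
    unsigned long bits_missing = 0;

set_register:
    sim_cr4 = val;                          /* kernel: mov %0, %%cr4 */
    if (cr_pinning && (val & cr4_pinned_bits) != cr4_pinned_bits) {
        bits_missing = ~val & cr4_pinned_bits;
        val |= bits_missing;
        goto set_register;
    }
    return bits_missing;
}

/* Same idea for CR0, where only WP is pinned. */
static unsigned long model_write_cr0(unsigned long val)
{
    unsigned long bits_missing = 0;

set_register:
    sim_cr0 = val;
    if (cr_pinning && !(val & X86_CR0_WP)) {
        bits_missing = X86_CR0_WP;
        val |= bits_missing;
        goto set_register;
    }
    return bits_missing;
}

/* The exploit step the article describes: call the kernel's own CR writer
 * with the protection bits cleared.  Returns what the pinning put back. */
static unsigned long attack_clear_cr4(unsigned long bits)
{
    return model_write_cr4(sim_cr4 & ~bits);
}

static unsigned long attack_clear_cr0(unsigned long bits)
{
    return model_write_cr0(sim_cr0 & ~bits);
}

static unsigned long current_cr4(void) { return sim_cr4; }
static unsigned long current_cr0(void) { return sim_cr0; }

int main(void)
{
    boot();
    unsigned long missing = attack_clear_cr4(X86_CR4_SMEP | X86_CR4_SMAP);
    printf("CR4 bits went missing: %#lx, CR4 now %#lx\n", missing, current_cr4());
    missing = attack_clear_cr0(X86_CR0_WP);
    printf("CR0 bits went missing: %#lx, CR0 now %#lx\n", missing, current_cr0());
    /* A legitimate change that leaves the pinned bits alone passes silently. */
    printf("enable PCIDE: missing %#lx\n",
           model_write_cr4(current_cr4() | X86_CR4_PCIDE));
    return 0;
}
```

Two things the model makes visible. First, the pinned bits are restored rather than the write refused, so the register is briefly in the attacker's requested state between the first and second write; pinning narrows the window, it does not close it. Second, the non-zero "bits missing" return is exactly what the kernel turns into a WARN, so a CR4/CR0 warning in dmesg on a production box deserves the same attention as an oops.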

Security updates for Thursday

([Security] Nov 14, 2019 14:00 UTC (Thu) (jake))

Security updates have been issued by Arch Linux (kernel, linux-lts, and linux-zen), CentOS (kernel, sudo, and thunderbird), Debian (linux-4.9), Fedora (samba), openSUSE (apache2-mod_auth_openidc, kernel, qemu, rsyslog, and ucode-intel), Oracle (kernel), Red Hat (kernel and kernel-rt), Scientific Linux (kernel), SUSE (kernel and microcode_ctl), and Ubuntu (kernel, libjpeg-turbo, linux, linux-hwe, linux-oem, linux, linux-hwe, linux-oem-osp1, and qemu).

[$] Keeping memory contents secret

([Kernel] Nov 15, 2019 19:46 UTC (Fri) (corbet))

One of the many responsibilities of the operating system is to help processes keep secrets from each other. Operating systems often fail in this regard, sometimes due to factors — such as hardware bugs and user-space vulnerabilities — that are beyond their direct control. It is thus unsurprising that there is an increasing level of interest in ways to improve the ability to keep data secret, perhaps even from the operating system itself. The [1]MAP_EXCLUSIVE patch set from Mike Rapoport is one example of the work that is being done in this area; it also shows that the development community has not yet really begun to figure out how this type of feature should work.



[1] https://lwn.net/ml/linux-kernel/1572171452-7958-1-git-send-email-rppt@kernel.org/

Announcing the Bytecode Alliance

([Development] Nov 13, 2019 17:47 UTC (Wed) (ris))

The [1]Bytecode Alliance is an industry partnership with the aim of forging [2]WebAssembly's outside-the-browser future by collaborating on implementing standards and proposing new ones. The [3]newly formed alliance has " a vision of a WebAssembly ecosystem that is secure by default, fixing cracks in today’s software foundations ". The alliance is currently working on a standalone WebAssembly runtime, two use-case specific runtimes, runtime components, and language tooling.



[1] https://bytecodealliance.org/

[2] https://webassembly.org/

[3] https://bytecodealliance.org/articles/announcing-the-bytecode-alliance

Security updates for Wednesday

([Security] Nov 13, 2019 16:07 UTC (Wed) (ris))

Security updates have been issued by Debian (dpdk, intel-microcode, kernel, libssh2, qemu, and webkit2gtk), Fedora (apache-commons-beanutils, bluez, iwd, kernel, kernel-headers, kernel-tools, libell, and microcode_ctl), openSUSE (gdb), Oracle (kernel), Red Hat (kernel and kernel-rt), SUSE (dhcp, evolution, kernel, libcaca, python, python-xdg, qemu, sysstat, ucode-intel, and xen), and Ubuntu (dpdk, intel-microcode, kernel, linux, linux-aws, linux-kvm, linux, linux-lts-trusty, linux-azure, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2, linux-lts-xenial, linux-aws, linux-raspi2, and webkit2gtk).

[$] The Yocto Project 3.0 release

([Distributions] Nov 14, 2019 19:26 UTC (Thu) (corbet))

The [1]Yocto Project recently announced [2]its 3.0 release , maintaining the spring/fall cadence it has followed for the past nine years. As well as the expected updates, it contains new thinking on getting the best of two worlds: source builds and prebuilt binaries. This fits well into a landscape where reproducibility and software traceability, all the way through to device updates, are increasingly important to handle complex security issues.



[1] https://www.yoctoproject.org

[2] https://lists.yoctoproject.org/pipermail/yocto-announce/2019-October/000169.html

[$] Analyzing kernel email

([Kernel] Nov 13, 2019 22:54 UTC (Wed) (jake))

Digging into the email that provides the cornerstone of Linux kernel development is an endeavor that has become more popular over the last few years. There are some practical reasons for analyzing the kernel mailing lists and for correlating that information with the patches that actually reach the mainline, including tracking the path that patches take—or don't take. Three researchers reported on some efforts they have made on kernel email analysis at the [1]2019 Embedded Linux Conference Europe (ELCE), held in late October in Lyon, France.



[1] https://events19.linuxfoundation.org/events/embedded-linux-conference-europe-2019/

Stable kernel updates

([Kernel] Nov 12, 2019 20:45 UTC (Tue) (ris))

Stable kernels [1]5.3.11 , [2]4.19.84 , [3]4.14.154 , [4]4.9.201 , and [5]4.4.201 have been released. They all contain important fixes and users should upgrade.



[1] https://lwn.net/Articles/804464/

[2] https://lwn.net/Articles/804465/

[3] https://lwn.net/Articles/804466/

[4] https://lwn.net/Articles/804467/

[5] https://lwn.net/Articles/804468/

This week's hardware vulnerabilities

([Kernel] Nov 12, 2019 20:48 UTC (Tue) (corbet))

A set of patches has just been pushed into the mainline repository (and stable updates) for yet another set of hardware vulnerabilities. "TSX async abort" (or TAA) exposes information through the usual side channels by way of internal buffers used with the transactional memory (TSX) instructions. Mitigation is done by disabling TSX or by clearing the relevant buffers when switching between kernel and user mode. Given that this is not the first problem with TSX, disabling it entirely is recommended; a microcode update may be needed to do so, though. [1]This commit contains documentation on this vulnerability and its mitigation.



[1] https://git.kernel.org/linus/a7a248c593e4

There are also fixes for [1]another vulnerability : it seems that accessing a memory address immediately after the size of the page containing it was changed (from a regular to a huge page, for example) can cause the processor to lock up. This behavior is considered undesirable by many. The vulnerability only exists for pages marked as executable; the mitigation is to force all executable pages to be the regular, 4K page size.



[1] https://git.kernel.org/linus/7f00cc8d4a51
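For both of the vulnerabilities above, the practical question is whether a given machine ended up with the mitigation the article recommends. The following is an added example, not code from the page or from the kernel: it reports whether the CPU still enumerates TSX and classifies the kernel's sysfs status lines for tsx_async_abort and itlb_multihit. The sysfs paths and the status wording follow the kernel's hw-vuln documentation as I recall it, and the sample lines are constructed for the demo; both are assumptions.

```c
/* Added example, not code from the page or the kernel.  Checks what a
 * practitioner wants to know after the TAA and page-size-change fixes
 * land.  Sysfs paths and status strings follow the kernel's
 * Documentation/admin-guide/hw-vuln/ text as I recall it, and the sample
 * lines below are constructed for the demo (both assumptions). */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define VULN_DIR "/sys/devices/system/cpu/vulnerabilities/"

enum vuln_state { VS_NOT_AFFECTED, VS_MITIGATED, VS_VULNERABLE, VS_UNKNOWN };

static bool has_prefix(const char *s, const char *p)
{
    return strncmp(s, p, strlen(p)) == 0;
}

/* Classify one sysfs status line.  tsx_async_abort reports e.g.
 * "Mitigation: TSX disabled" or "Vulnerable: Clear CPU buffers attempted,
 * no microcode"; itlb_multihit reports e.g. "KVM: Mitigation: Split huge
 * pages" or "KVM: Vulnerable" (the guest-facing side is what it guards). */
static enum vuln_state classify(const char *status)
{
    if (has_prefix(status, "KVM: "))
        status += 5;
    if (has_prefix(status, "Not affected"))
        return VS_NOT_AFFECTED;
    if (has_prefix(status, "Mitigation:"))
        return VS_MITIGATED;
    if (has_prefix(status, "Vulnerable"))
        return VS_VULNERABLE;
    return VS_UNKNOWN;
}

/* The article recommends turning TSX off outright rather than relying on
 * buffer clearing; this says whether a tsx_async_abort line meets that. */
static bool taa_meets_recommendation(const char *status)
{
    return has_prefix(status, "Not affected") ||
           has_prefix(status, "Mitigation: TSX disabled");
}

/* CPUID.(EAX=7,ECX=0):EBX bit 4 = HLE, bit 11 = RTM.  Disabling TSX via the
 * TSX_CTRL MSR also clears these enumeration bits, so a CPU that still
 * reports them has TSX available whatever the boot parameters asked for. */
static int tsx_enumerated(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ebx & ((1u << 4) | (1u << 11))) != 0;
#else
    return 0;
#endif
}

/* Read one status file.  Returns false if it is absent, which on a kernel
 * older than these patches means "unknown", not "safe". */
static bool read_status(const char *name, char *buf, size_t len)
{
    char path[256];
    snprintf(path, sizeof path, VULN_DIR "%s", name);
    FILE *f = fopen(path, "r");
    if (!f)
        return false;
    bool ok = fgets(buf, (int)len, f) != NULL;
    fclose(f);
    if (ok)
        buf[strcspn(buf, "\n")] = '\0';
    return ok;
}

static const char *state_name(enum vuln_state s)
{
    static const char *names[] = { "not affected", "mitigated", "VULNERABLE", "unknown" };
    return names[s];
}

int main(void)
{
    const char *files[] = { "tsx_async_abort", "itlb_multihit" };
    char buf[256];

    printf("TSX enumerated by CPUID: %s\n", tsx_enumerated() ? "yes" : "no");
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++) {
        if (read_status(files[i], buf, sizeof buf))
            printf("%-16s %-12s (%s)\n", files[i], state_name(classify(buf)), buf);
        else
            printf("%-16s absent: kernel predates the fix or is not x86\n", files[i]);
    }
    if (read_status("tsx_async_abort", buf, sizeof buf) && !taa_meets_recommendation(buf))
        printf("note: TAA handled by buffer clearing only; consider tsx=off\n");

    /* Constructed sample lines so the classifier can be exercised offline. */
    const char *samples[] = { "Mitigation: TSX disabled",
                              "Vulnerable: Clear CPU buffers attempted, no microcode",
                              "KVM: Mitigation: Split huge pages", "KVM: Vulnerable" };
    for (size_t i = 0; i < 4; i++)
        printf("sample %-55s -> %s\n", samples[i], state_name(classify(samples[i])));
    return 0;
}
```

Three readings matter in practice. "Vulnerable: Clear CPU buffers attempted, no microcode" is the case the article warns about: the kernel wants to flush but the microcode update that makes the flush effective is not installed. A file that does not exist at all means the running kernel predates these patches, so its absence says nothing about the hardware. And a CPU that still enumerates RTM/HLE after a reboot with the TSX-disabling boot parameter (tsx=off, per the referenced documentation as I recall it; an assumption) has not had it applied, most likely because the microcode lacks the TSX_CTRL interface.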

Security updates for Tuesday

([Security] Nov 12, 2019 15:54 UTC (Tue) (ris))

Security updates have been issued by Fedora (community-mysql, crun, java-latest-openjdk, and mupdf), openSUSE (libssh2_org), and SUSE (go1.12, libseccomp, and tar).

FSF: New Respects Your Freedom website

([Briefs] Nov 11, 2019 16:30 UTC (Mon) (ris))

The Free Software Foundation's Respects Your Freedom program provides a certification for hardware that supports your freedom. A new [1]website listing certified products has [2]been launched . " In 2012, when we announced the first certification, we hosted information about the program and retailers as a simple page on the Free Software Foundation (FSF) Web site. With only one retailer selling one device, this was certainly satisfactory. As the program grew, we added each new device chronologically to that page, highlighting the newest certifications. We are now in a place where eight different retailers have gained nearly fifty certifications [...]. With so many devices available, across so many different device categories, it was getting more difficult for users to find what they were looking for in just a plain chronological list. "



[1] https://ryf.fsf.org/

[2] https://www.fsf.org/blogs/licensing/new-ryf-web-site-its-now-easier-to-support-companies-selling-devices-that-respect-your-freedom

A set of stable kernels

([Kernel] Nov 11, 2019 15:55 UTC (Mon) (ris))

Stable kernels [1]5.3.10 , [2]4.19.83 , [3]4.14.153 , [4]4.9.200 , and [5]4.4.200 have been released. They all contain important fixes and users should upgrade.



[1] https://lwn.net/Articles/804327/

[2] https://lwn.net/Articles/804328/

[3] https://lwn.net/Articles/804329/

[4] https://lwn.net/Articles/804330/

[5] https://lwn.net/Articles/804331/

Security updates for Monday

([Security] Nov 11, 2019 15:47 UTC (Mon) (ris))

Security updates have been issued by Debian (ampache, chromium, djvulibre, firefox-esr, gdal, and ruby-haml), Fedora (chromium, file, gd, hostapd, nspr, and rssh), openSUSE (bcm20702a1-firmware, firefox, gdal, libtomcrypt, php7, python-ecdsa, python3, samba, and thunderbird), SUSE (apache2-mod_auth_openidc, libssh2_org, and rsyslog), and Ubuntu (bash).

Kernel prepatch 5.4-rc7

([Kernel] Nov 11, 2019 2:16 UTC (Mon) (corbet))

The [1]seventh 5.4 prepatch is out for testing. " Nothing looks _bad_, but there is too much of it. So I'm leaning towards an rc8 being likely next weekend due to that, but I won't make a final decision yet. We'll see. "



[1] https://lwn.net/Articles/804262/

[$] Debian reconsiders init-system diversity

([Distributions] Nov 12, 2019 2:17 UTC (Tue) (corbet))

Many community-based Linux distributions have made the decision to switch to systemd, and most of those decisions were accompanied by lengthy, sometimes acrimonious mailing-list discussions. No distribution had a harder time of it than Debian, though, where arguments raged through much of 2013 before the Debian Technical Committee [1]decided on systemd in early 2014. Thereafter, it is fair to say, appetite for renewing the init-system discussion has been low. Now, though, the topic has returned to the fore and it would appear that the project is heading toward a new general resolution to decide at what level init systems other than systemd should be supported.



[1] https://lwn.net/Articles/585319/

openSUSE votes not to change its name

([Distributions] Nov 8, 2019 14:41 UTC (Fri) (corbet))

The openSUSE project has been [1]considering a name change as part of its move into a separate foundation since (at least) June. A long and somewhat controversial vote of project members has just come to an end, and the result is conclusive: 225-42 against the name change.



[1] https://lwn.net/Articles/790298/

Security updates for Friday

([Security] Nov 8, 2019 14:36 UTC (Fri) (jake))

Security updates have been issued by Arch Linux (linux-hardened), Debian (fribidi), Gentoo (oniguruma, openssh/openssh, openssl, and pump), Mageia (chromium-browser-stable, expat, firefox, freetds, proftpd, python, thunderbird, and unbound), Oracle (sudo), Scientific Linux (thunderbird), Slackware (kernel), SUSE (rubygem-haml), and Ubuntu (fribidi and webkit2gtk).

[$] Emulated iopl()

([Kernel] Nov 8, 2019 17:37 UTC (Fri) (corbet))

Operating systems and computing hardware both carry a lot of their history with them. The x86 I/O-port mechanism is one piece of that history; it is rarely used by hardware designed in the last 20 years, but it must still be supported. That doesn't mean that this support can't be cleaned up and improved, though, especially when the old implementation turns out to have some unpleasant properties. An example can be seen in [1]the iopl() patch set from Thomas Gleixner.



[1] https://lwn.net/ml/linux-kernel/20191106193459.581614484@linutronix.de/

[$] LWN.net Weekly Edition for November 14, 2019



[$] Statistics from the 5.4 development cycle

([Kernel] Nov 7, 2019 22:27 UTC (Thu) (corbet))

As of this writing, just over 14,000 non-merge changesets have found their way into the mainline repository for the 5.4 release; that is a bit less than we saw for 5.3, but more than most of the other recent kernels. The final 5.4 release is approaching, so it must be time for our usual look at where the code merged in this development cycle came from. It's mostly business as usual in the kernel community, modulo an appearance from none other than Hulk Robot.
