- [$] CAP_PERFMON — and new capabilities in general
system call is a complicated beast, requiring a fair amount of study to
master. This call also has some interesting security implications: it can
be used to obtain a lot of information about the running system, and the
complexity of the...
- Security updates for Friday
Security updates have been issued by CentOS (openjpeg2), Debian (cloud-init, jackson-databind, and python-reportlab), Red Hat (ksh, python-pillow, systemd, and thunderbird), Slackware (proftpd), SUSE (java-1_7_0-ibm, nodejs10, and nodejs12), and Ubuntu (ppp...
- [$] Memory-management optimization with DAMON
To a great extent, memory management is based on making predictions: which
pages of memory will a given process need in the near future?
Unfortunately, it turns out that predictions are hard, especially when they
are about future events. In the absence of...
- Security updates for Thursday
Security updates have been issued by Debian (netty and netty-3.9), Fedora (ceph, dovecot, poppler, and webkit2gtk3), openSUSE (inn and rmt-server), Oracle (openjpeg2), Red Hat (rabbitmq-server), Scientific Linux (openjpeg2), SUSE (dnsmasq, rsyslog, and slurm),...
- [$] LWN.net Weekly Edition for February 20, 2020
The LWN.net Weekly Edition for February 20, 2020 is available.
- Stable kernel updates
Stable kernels 5.5.5, 5.4.21, and 4.19.105 have been released, with the usual
set of important fixes.
- [$] Debian discusses how to handle 2038
At this point, most of the kernel work to avoid the year-2038 apocalypse
has been completed. Said apocalypse could occur when time counted in
seconds since 1970 overflows a 32-bit signed value (i.e. time_t). Work in
the GNU C Library (glibc) and other C
- The Linux Foundation and Harvard’s Lab for Innovation Science release census for open-source software security
The Linux Foundation's Core Infrastructure Initiative and Harvard University's Lab for Innovation Science have teamed up on a census of the most critical open-source components in today's production applications. The report [PDF], titled "Vulnerabilities in...
- Security updates for Wednesday
Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, ksh, and sudo), Debian (php7.0 and python-django), Fedora (cacti, cacti-spine, mbedtls, and thunderbird), openSUSE (chromium, re2), Oracle (firefox, java-1.7.0-openjdk, and sudo), Red...
- [$] Finer-grained kernel address-space layout randomization
The idea behind kernel address-space layout randomization (KASLR) is to
make it harder for attackers to find code of interest to use in their
attacks by loading the kernel at a random location. But a single random
offset is used for the placement...
- Cook: security things in Linux v5.4
A bit belatedly, Kees Cook looks at some security-relevant changes in Linux 5.4 in a blog post. He lists a small handful of changes, including:
"After something on the order of 8 years, Linux can now draw a bright line between 'ring 0' (kernel memory)...
- Security updates for Tuesday
Security updates have been issued by Arch Linux (systemd and thunderbird), Debian (clamav, libgd2, php7.3, spamassassin, and webkit2gtk), Fedora (kernel, kernel-headers, and sway), Mageia (firefox, kernel-linus, mutt, python-pillow, sphinx, thunderbird, and...
- [$] Filesystem UID mapping for user namespaces: yet another shiftfs
The idea of an ID-shifting virtual filesystem that would remap user and
group IDs before passing requests through to an underlying real filesystem
has been around for a few years but has never made it into the mainline.
Implementations have taken the form...
- Security updates for Monday
Security updates have been issued by Debian (evince, postgresql-9.4, and thunderbird), Fedora (ksh and libxml2), openSUSE (hostapd and nextcloud), Red Hat (chromium-browser, firefox, flash-plugin, and ksh), and SUSE (firefox and thunderbird).
- NetBSD 9.0 released
The NetBSD 9.0 release is out. "This is the seventeenth major release of the NetBSD operating system
and brings significant improvements in terms of hardware support,
quality assurance, security, along with new features and hundreds of
bug fixes." Significant...