One of the key advantages of Open sauce software is that it is supposed to be easier to spot and fix software flaws, however Linux has had a local privilege escalation flaw for 11 years and no-one has noticed.
The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.
The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it in a few days.
While it cannot be exploited remotely, this sort of bug can be combined with other flaws that give remote hackers access to a lower privileged account on a system.
For the flaw to be exploitable, the kernel needs to be built with the CONFIG_IP_DCCP option. Many distributions use kernels built with this option, but some don’t.
Red Hat announced that Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels are affected. The company has released patches for Red Hat Enterprise Linux 6 and 7 and for the Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt).
The Debian project released fixed kernel packages for Debian 7 Wheezy and Debian 8 Jessie, the “old stable” and “stable” versions of the distribution. Debian Stretch (testing) and Sid (unstable) have not been patched yet.
Patches are also available for Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. As far as SUSE goes, only SUSE Linux Enterprise Server 10 is affected and patches for it are only available to customers with long term service pack support. The kernels in SUSE Linux Enterprise Server 11 SP 1 to 4 and SUSE Linux Enterprise Server 12 SP 1 and 2 are not built with support for the DCCP protocol.
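Since exposure depends on whether the kernel was built with CONFIG_IP_DCCP, an administrator can check a host as sketched below. This is an added example, not code from the article or from any vendor advisory; the function names, verdict labels and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): classify DCCP exposure for CVE-2017-6074
# from a kernel build config and a /proc/modules-style listing.

# Print builtin | module | disabled | unknown for the config file in $1.
dccp_config_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$1" in
        *.gz) _line=$(gzip -dc "$1" | grep '^CONFIG_IP_DCCP=' | head -n 1) ;;
        *)    _line=$(grep '^CONFIG_IP_DCCP=' "$1" | head -n 1) ;;
    esac
    case "$_line" in
        CONFIG_IP_DCCP=y) echo builtin ;;
        CONFIG_IP_DCCP=m) echo module ;;
        *)                echo disabled ;;  # "# CONFIG_IP_DCCP is not set" or absent
    esac
}

# Succeed if a DCCP module (dccp, dccp_ipv4, dccp_ipv6) is listed in file $1.
dccp_module_loaded() {
    grep -Eq '^dccp(_ipv4|_ipv6)? ' "$1" 2>/dev/null
}

# Verdict: exposed | loadable | not-built | unknown.
# A loaded module wins over the config file, which may not match the running kernel.
dccp_exposure() {
    if dccp_module_loaded "$2"; then echo exposed; return 0; fi
    case "$(dccp_config_state "$1")" in
        builtin)  echo exposed ;;
        module)   echo loadable ;;   # built as a module, not loaded right now
        disabled) echo not-built ;;
        *)        echo unknown ;;
    esac
}

# Constructed sample inputs so the example runs offline.
sample_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_INET=y' 'CONFIG_IP_DCCP=m' > "$sample_dir/config"
printf '%s\n' 'dccp_ipv4 20480 0 - Live 0x0000000000000000' \
              'dccp 73728 1 dccp_ipv4, Live 0x0000000000000000' > "$sample_dir/modules"
echo "sample host: $(dccp_exposure "$sample_dir/config" "$sample_dir/modules")"

# On a real host (usual locations, not guaranteed on every distribution):
#   dccp_exposure "/boot/config-$(uname -r)" /proc/modules
```

A verdict of "exposed" or "loadable" means the host needs the distribution's patched kernel; "not-built" matches the SUSE kernels described above that ship without DCCP support.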
The poster child for the use of Linux by government authorities, the City of Munich, might stick to its commitment to the operating system after all.
There had been ructions in Munich over whether its move to Linux had been such a good idea and if it had saved as much as it thought it had.
Most media have reported that a final call was made to halt the LiMux and switch back to Microsoft software, but the Free Software Foundation Europe says this is fake news.
What happened was that the opposing parties were overruled, but the decision was amended such that a strategy document must specify which LiMux applications will no longer be needed. This was not killing off the project but postponing it until more facts were known, such as the extent to which prior investments must be written off, and a rough calculation of the overall costs of the desired unification.
The FSFE said that so far mayor Dieter Reiter was forced to postpone the final decision, and this was possible through the unwavering pressure created by joint efforts between The Document Foundation, KDE, OSBA, and the FSFE together with all the individuals who wrote to city council members and took the issue to the media.
Although the mandate hints that the existing vendor-neutral approach is to be replaced with a proprietary solution, it leaves the door open.
Some politicians said they’d never received this much input from the public before, and the Free Software Foundation Europe says the city’s issues were caused “from organisational problems, including lack of clear structures and responsibilities,” which should not be attributed to the Linux operating system.
“LiMux as such is still one of the best examples of how to create a vendor-neutral administration based on Free Software,” the FSFE said.
A huge bug has been sitting in the Linux kernel for nearly nine years which gives untrusted users unfettered root access and no one noticed.
Now it seems the hole is under active exploit, according to researchers who are advising users to install a patch as soon as possible.
Dan Rosenberg, a senior researcher at Azimuth Security, told Ars Technica that it was the most serious Linux local privilege escalation ever.
The underlying bug was patched this week by the maintainers of the official Linux kernel and downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as “important”.
Attacks exploiting this specific vulnerability were found by Linux developer Phil Oester who discovered it using an HTTP packet capture.
It took him less than five seconds to get total control.
Software’s Mr Sweary, Linus Torvalds, is furious that some “buggy crap” got under the bonnet of his nice new Linux kernel.
Torvalds released Linux 4.8 earlier this week, but now it turns out that it contains some code he thinks can “kill the kernel”.
Torvalds said sorry yesterday on the Linux Kernel Mailing List for a bug fix gone bad.
“I’m really sorry I applied that last series from Andrew just before doing the 4.8 release, because they cause problems, and now it is in 4.8 (and that buggy crap is marked for stable too).”
The “crap” was fixing a bug that’s been present in Linux since version 3.15. Torvalds rates the fix for that bug “clearly worse than the bug it tried to fix, since that original bug has never killed my machine!”
Torvalds is fuming at kernel contributor Andrew Morton, who he says is debugging with a known bad use of BUG_ON().
“I’ve ranted against people using BUG_ON() for debugging in the past. Why the f*ck does this still happen?” Torvalds writes, pointing to a 2002 post to the kernel mailing list outlining how to do BUG_ON() right. He later adds “so excuse me for being upset that people still do this shit almost 15 years later.”
Morton seems to have put his hand up for Torvalds’ criticisms. But Torvalds also thinks he could and should have done better, as he writes:
“I should have reacted to the damn added BUG_ON() lines. I suspect I will have to finally just remove the idiotic BUG_ON() concept once and for all, because there is NO F*CKING EXCUSE to knowingly kill the kernel.”
Open Sauce’s Mr Sweary has gone off on lawyers making money on GPL enforcement.
Linus Torvalds waded into the Software Freedom Conservancy and Bradley Kuhn over the question of enforcing compliance of the GPL General Public Licence.
Software Freedom Conservancy head Karen Sandler made a mistake when she suggested that Linuxcon in Toronto should include a session on GPL enforcement.
A number of developers think that while discussing enforcement issues was topical and necessary, doing it at a conference of this kind could well lead to people who took part being deposed later on by lawyers for their own cases.
Matthew Garrett, a former kernel developer and someone who was not attending LinuxCon, joined the discussion, pushing his view that a militant approach was better, and this appears to have set Torvalds off.
He backed the proposal to have a discussion on GPL enforcement but said no lawyers should be present, only developers. “I personally think this arguing for lawyering has become a nasty festering disease, and the SFC and Bradley Kuhn has been the Typhoid Mary spreading the disease,” Torvalds said.
Torvalds added: “I think the whole GPL enforcement issue is absolutely something that should be discussed, but it should be discussed with the working title ‘Lawyers: poisonous to openness, poisonous to community, poisonous to projects.’
“…quite apart from the risk of loss in a court, the real risk is something that happens whether you win or lose, and in fact whether you go to court or just threaten: the loss of community, and in particular exactly the kind of community that can (and does) help. You lose your friends.
“Because lawsuits — and even threats of lawsuits — make companies way less likely to see you as a good guy. Even when you’re threatening somebody else, everybody else around the target starts getting really, really antsy.”
Linux kernel developer Christoph Hellwig has lost his case against virtualisation company VMware.
Hellwig claimed the outfit had violated version 2 of the GNU General Public Licence and says he will appeal against the verdict.
“I’m disappointed that the court didn’t even consider the actual case of reusing the Linux code written by me, and I hope the Court of Appeal will investigate this central aspect of the lawsuit,” he said in a statement.
The case claimed that VMware had been using Hellwig’s code from 2007 and not releasing source code as required. The Linux kernel, which is released under the GNU GPL version 2, stipulates that anyone who distributes it has to provide source code for the same.
However the court said that Hellwig had failed to prove which specific lines of code VMware had used, from among those over which he claimed ownership. The case revolved around the claim that the company had used a module which was released under GPLv2 with its own proprietary kernel, known as vmkernel. The central question was whether this made the module a derivative work.
Hellwig had the financial backing of the Software Freedom Conservancy, which said it had discovered in 2011 that VMware had failed to provide or offer any source code for the version of BusyBox included in VMware’s ESXi products, an enterprise-class, type-1 hypervisor.
BusyBox combines several stripped down Unix tools in a single executable.
Both the Conservancy and Hellwig claimed that VMware had combined copyrighted Linux code, licensed under the GPLv2, with their own proprietary code called “vmkernel” and distributed the entire combined work without providing or offering complete, corresponding source code.
The court was a little odd about all this. It did not allow expert testimony while making its decision and more or less decided on the Judge’s own expert knowledge of software.
In December last year, the SFC was forced to issue an appeal for funds, with the organisation saying a drop in donations had become noticeable after VMware was sued. This year the Linux Foundation came under scrutiny when it changed its rules to make it impossible for community representatives to be elected to its board because of the VMware case.
While the world cheered at the prospect of Linux running on Windows, security experts were less sure and fear that it might have brought a new way to hack a Windows machine.
Alex Ionescu, chief architect at Crowdstrike, told the assorted throngs at the Black Hat USA security conference that some problems he reported to Microsoft during the beta period have already been fixed. The larger problem, though, is that there is now a new potential attack surface that organisations need to know about and risks that need to be mitigated.
“In some cases, the Linux environment running in Windows is less secure because of compatibility issues. There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows.”
The modified Linux code in turn could then call Windows APIs and get access to system calls to perform malicious actions that might not be mitigated.
He said that Windows was now a “two-headed beast” that can do a little Linux and can also be used to attack the Windows side of the system.
Linux on Windows does not run inside of a Hyper-V hypervisor, which potentially could isolate the Linux processes. Instead Linux is running on the raw hardware, getting all the benefits of performance and system access, as well as expanding the potential attack surface, he said.
The Windows file system is also mapped to Linux, such that Linux will get access to the same files and directories.
The updating mechanism inside of Linux for Windows is also an area Ionescu looked at. There is a scheduled task that can be set in Windows to run the Apt-Get Linux command to update packages for the user mode that is enabled by Ubuntu. That said, Ionescu noted that Microsoft isn’t actually using an Ubuntu Linux kernel, just user-land tools and applications.
AppLocker, which is Microsoft’s whitelisting service for Windows applications, doesn’t work for Linux applications. As such, if an enterprise has enabled Linux on systems, Linux apps can potentially run without first checking with AppLocker.
Software king of the world Microsoft has made a killing by enabling its Azure virtual machines to run Linux.
When Vole started the service 25 percent of its Virtual Machines were running Linux and now it is nearly one in three.
During his keynote at DockerCon 2016 in Seattle, Azure Chief Technology Officer Mark Russinovich said that Microsoft was adding more container support to its cloud and server products.
Russinovich showed off Windows Server support coming soon to the company’s Azure Container Service (ACS) while everyone yawned.
Microsoft made Azure Container Service generally available in April 2016, but for Linux containers only. Last year, company execs said Microsoft also would bring Windows Server support to ACS.
ACS allows developers to orchestrate applications using Apache Mesos or Docker Swarm. Users can migrate container workloads to and from Azure without code changes.
Russinovich showed a preview of SQL Server on Linux running on a Docker container. SQL Server for Linux is currently in private preview and is due to be available by mid-2017.
Russinovich announced that Docker Datacenter is available in the Azure Marketplace. In addition, Docker Datacenter can manage a hybrid container-based application running across Azure — and for the first time — Azure Stack on premises.
The way that Microsoft is integrating Linux into its cloudy world is amazing, given that it is not that long ago that its CEO called Linux a cancer and was doing its best to kill it off.
The colourful Linux creator Linus Torvalds has not given up on replacing Windows on the desktop with his sort of stuff.
Speaking from his bed at the Embedded Linux Conference, Torvalds said that Linux had not been a failure on the desktop.
“The desktop hasn’t really taken over the world like Linux has in many other areas, but just looking at my own use, my desktop looks so much better than I ever could have imagined,” he told the throngs.
Despite the fact that he is known for sometimes not being very polite to some of the desktop UI people, he said he was happy with the Linux desktop.
“To me, it’s not a failure. I would obviously love for Linux to take over that world too, but it turns out it’s a really hard area to enter. I’m still working on it. It’s been 25 years. I can do this for another 25. I’ll wear them down,” Torvalds said.
The fruity cargo cult Apple’s obsession with protecting a terrorist’s phone is having a knock-on effect on ordinary people.
Apple arranged a publicity stunt to prove that its phones were “super secure” by refusing to help the FBI unlock the phone of a terrorist.
Unfortunately for Apple the cunning plan went pear shaped when the FBI worked out how to crack the phone using one of Jobs’ Mob’s security flaws.
However Apple’s blanket refusal to unlock phones has impacted the case of an Italian whose iPhone owning son died.
Leonardo Fabbretti’s adopted son Dama died at age 13 of bone cancer in September. Apple is refusing to unlock the phone and allow him to have access to photos of his dead son.
Fabbretti has written a letter to Apple CEO Tim Cook pleading to unlock Dama’s phone.
“Don’t deny me the memories of my son. I cannot give up. Having lost my Dama, I will fight to have the last two months of photos, thoughts and words which are held hostage in his phone.”
Fabbretti, who lives in Italy, first contacted Apple back in autumn when his son died. Local Apple staff attempted to get the photographs off iCloud, but Dama had not backed up the device, so the company said there is no way to retrieve them without the passcode. Giving out passcodes was too similar to the FBI case for them to let that happen.
Fabbretti wrote in his letter: “Although I share your philosophy in general, I think Apple should offer solutions for exceptional cases like mine.”