A serious bug that gives untrusted users unfettered root access has been sitting in the Linux kernel for nearly nine years, and no one noticed.
Now it seems the hole is under active exploit, according to researchers who are advising users to install a patch as soon as possible.
Dan Rosenberg, a senior researcher at Azimuth Security, told Ars Technica that it was the most serious Linux local privilege escalation ever.
The underlying bug was patched this week by the maintainers of the official Linux kernel and downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as “important”.
Attacks exploiting this specific vulnerability were found by Linux developer Phil Oester who discovered it using an HTTP packet capture.
It took him less than five seconds to get total control.
Software’s Mr Sweary, Linus Torvalds, is furious that some “buggy crap” got under the bonnet of his nice new Linux kernel.
Torvalds released Linux 4.8 earlier this week, but now it turns out that it contains some code he thinks can “kill the kernel”.
Torvalds said sorry yesterday on the Linux Kernel Mailing List for a bug fix gone bad.
“I’m really sorry I applied that last series from Andrew just before doing the 4.8 release, because they cause problems, and now it is in 4.8 (and that buggy crap is marked for stable too).”
The “crap” was fixing a bug that’s been present in Linux since version 3.15. Torvalds rates the fix for that bug “clearly worse than the bug it tried to fix, since that original bug has never killed my machine!”
Torvalds is fuming at kernel contributor Andrew Morton, who he says is debugging with a known bad use of BUG_ON().
“I’ve ranted against people using BUG_ON() for debugging in the past. Why the f*ck does this still happen?” Torvalds writes, pointing to a 2002 post to the kernel mailing list outlining how to do BUG_ON() right. He later adds “so excuse me for being upset that people still do this shit almost 15 years later.”
Morton seems to have put his hand up to Torvalds’ criticisms. But Torvalds also thinks he could and should have done better, as he writes:
“I should have reacted to the damn added BUG_ON() lines. I suspect I will have to finally just remove the idiotic BUG_ON() concept once and for all, because there is NO F*CKING EXCUSE to knowingly kill the kernel.”
Open Sauce’s Mr Sweary has gone off on lawyers making money on GPL enforcement.
Linus Torvalds waded into the Software Freedom Conservancy and Bradley Kuhn over the question of enforcing compliance of the GPL General Public Licence.
Software Freedom Conservancy head Karen Sandler made a mistake when she suggested that Linuxcon in Toronto should include a session on GPL enforcement.
A number of developers think that while discussing enforcement issues was topical and necessary, doing it at a conference of this kind could well lead to people who took part being deposed later on by lawyers for their own cases.
Matthew Garrett, a former kernel developer and someone who was not attending LinuxCon, joined the discussion, pushing his view that a militant approach was better, and this appears to have set Torvalds off.
He backed the proposal to have a discussion on GPL enforcement but said no lawyers should be present, only developers. “I personally think this arguing for lawyering has become a nasty festering disease, and the SFC and Bradley Kuhn has been the Typhoid Mary spreading the disease,” Torvalds said.
Torvalds added: “I think the whole GPL enforcement issue is absolutely something that should be discussed, but it should be discussed with the working title ‘Lawyers: poisonous to openness, poisonous to community, poisonous to projects.’
“…quite apart from the risk of loss in a court, the real risk is something that happens whether you win or lose, and in fact whether you go to court or just threaten: the loss of community, and in particular exactly the kind of community that can (and does) help. You lose your friends.
“Because lawsuits — and even threats of lawsuits — make companies way less likely to see you as a good guy. Even when you’re threatening somebody else, everybody else around the target starts getting really, really antsy.”
Linux kernel developer Christoph Hellwig has lost his case against virtualisation company VMware.
Hellwig claimed the outfit had violated version 2 of the GNU General Public Licence and says he will appeal against the verdict.
“I’m disappointed that the court didn’t even consider the actual case of reusing the Linux code written by me, and I hope the Court of Appeal will investigate this central aspect of the lawsuit,” he said in a statement.
The case claimed that VMware had been using Hellwig’s code from 2007 and not releasing source code as required. The Linux kernel, which is released under the GNU GPL version 2, stipulates that anyone who distributes it has to provide source code for the same.
However the court said that Hellwig had failed to prove which specific lines of code VMware had used, from among those over which he claimed ownership. The case revolved around the claim that the company had used a module which was released under GPLv2 with its own proprietary kernel, known as vmkernel. The central question was whether this made the module a derivative work.
Hellwig had the financial backing of the Software Freedom Conservancy, which said it had discovered in 2011 that VMware had failed to provide or offer any source code for the version of BusyBox included in VMware’s ESXi products, an enterprise-class, type-1 hypervisor.
BusyBox combines several stripped down Unix tools in a single executable.
Both the Conservancy and Hellwig claimed that VMware had combined copyrighted Linux code, licensed under the GPLv2, with their own proprietary code called “vmkernel” and distributed the entire combined work without providing or offering complete, corresponding source code.
The court was a little odd about all this. It did not allow expert testimony while making its decision and more or less decided on the Judge’s own expert knowledge of software.
In December last year, the SFC was forced to issue an appeal for funds, with the organisation saying a drop in donations had become noticeable after VMware was sued. This year the Linux Foundation came under scrutiny when it changed its rules to make it impossible for community representatives to be elected to its board because of the VMware case.
While the world cheered at the prospect of Linux running on Windows, security experts were less sure and fear that it might have bought a new way to hack a Windows machine.
Alex Ionescu, chief architect at Crowdstrike, told the assorted throngs at the Black Hat USA security conference that some problems he reported to Microsoft during the beta period have already been fixed, but the larger problem is that there is now a new potential attack surface that organisations need to know about and risks that need to be mitigated.
“In some cases, the Linux environment running in Windows is less secure because of compatibility issues. There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows.”
The modified Linux code in turn could then call Windows APIs and get access to system calls to perform malicious actions that might not be mitigated.
He said that Windows was now a “two-headed beast” that can do a little Linux and can also be used to attack the Windows side of the system.
Linux on Windows does not run inside of a Hyper-V hypervisor, which potentially could isolate the Linux processes. Instead Linux is running on the raw hardware, getting all the benefits of performance and system access, as well as expanding the potential attack surface, he said.
The Windows file system is also mapped to Linux, such that Linux will get access to the same files and directories.
The updating mechanism inside of Linux for Windows is also an area Ionescu looked at. There is a scheduled task that can be set in Windows to run the Apt-Get Linux command to update packages for the user mode that is enabled by Ubuntu. That said, Ionescu noted that Microsoft isn’t actually using an Ubuntu Linux kernel, just user-land tools and applications.
AppLocker, which is Microsoft’s whitelisting service for Windows applications, doesn’t work for Linux applications. As such, if an enterprise has enabled Linux on systems, Linux apps can potentially run without first checking with AppLocker.
Software king of the world Microsoft has made a killing by enabling its Azure virtual machines to run Linux.
When Vole started the service, 25 percent of its virtual machines were running Linux, and now it is nearly one in three.
During his keynote at DockerCon 2016 in Seattle, Azure Chief Technology Officer Mark Russinovich said that Microsoft was adding more container support to its cloud and server products.
Russinovich showed off Windows Server support coming soon to the company’s Azure Container Service (ACS) while everyone yawned.
Microsoft made Azure Container Service generally available in April 2016, but for Linux containers only. Last year, company execs said Microsoft also would bring Windows Server support to ACS.
ACS allows developers to orchestrate applications using Apache Mesos or Docker Swarm. Users can migrate container workloads to and from Azure without code changes.
Russinovich showed a preview of SQL Server on Linux running on a Docker container. SQL Server for Linux is currently in private preview and is due to be available by mid-2017.
Russinovich announced that Docker Datacenter is available in the Azure Marketplace. In addition, Docker Datacenter can manage a hybrid container-based application running across Azure — and for the first time — Azure Stack on premises.
The way that Microsoft is integrating Linux into its cloudy world is amazing, given that it is not that long ago that its CEO called Linux a cancer and was doing its best to kill it off.
The colourful Linux creator Linus Torvalds has not given up on replacing Windows on the desktop with his sort of stuff.
Speaking from his bed at the Embedded Linux Conference, Torvalds said that Linux had not been a failure on the desktop.
“The desktop hasn’t really taken over the world like Linux has in many other areas, but just looking at my own use, my desktop looks so much better than I ever could have imagined,” he told the throngs.
Despite the fact that he is known for sometimes not being very polite to some of the desktop UI people, he said he was happy with the Linux desktop.
“To me, it’s not a failure. I would obviously love for Linux to take over that world too, but it turns out it’s a really hard area to enter. I’m still working on it. It’s been 25 years. I can do this for another 25. I’ll wear them down,” Torvalds said.
Photo: Leonardo Fabbretti (R) with his adopted son Dama Fabbretti.
The fruity cargo cult Apple’s obsession with protecting terrorists’ phones is having a knock-on effect on ordinary people.
Apple arranged a publicity stunt to prove that its phones were “super secure” by refusing to help the FBI unlock the phone of a terrorist.
Unfortunately for Apple the cunning plan went pear shaped when the FBI worked out how to crack the phone using one of Jobs’ Mob’s security flaws.
However, Apple’s blanket refusal to unlock phones has impacted the case of an Italian whose iPhone-owning son died.
Leonardo Fabbretti’s adopted son Dama died at age 13 of bone cancer in September. Apple is refusing to unlock the phone and allow him to have access to photos of his dead son.
Fabbretti has written a letter to Apple CEO Tim Cook pleading to unlock Dama’s phone.
“Don’t deny me the memories of my son. I cannot give up. Having lost my Dama, I will fight to have the last two months of photos, thoughts and words which are held hostage in his phone.”
Fabbretti, who lives in Italy, first contacted Apple back in autumn when his son died. Local Apple staff attempted to get the photographs off iCloud, but Dama had not backed up the device, so the company said there is no way to retrieve them without the passcode. Giving out passcodes was too similar to the FBI case for them to let that happen.
Fabbretti wrote in his letter: “Although I share your philosophy in general, I think Apple should offer solutions for exceptional cases like mine.”
We thought it was dead, but it turns out that the anti-Linux badboy SCO is going to have another appeal.
For those who came in very very late SCO tried to claim that Linux used its Unix code and started issuing writs against those using the open saucy software in their systems. However it found itself involved in a long running battle against IBM. As a result, SCO’s Unix business collapsed, the outfit went bankrupt, but a court case continued for 13 years.
We thought it was over at the beginning of the year, but now it seems that SCO is having another crack at IBM and has appealed. Last we heard SCO’s arguments claiming intellectual property ownership over parts of Unix had been rejected by a US district court. That judgment noted that SCO had minimal resources to defend counter-claims filed by IBM due to SCO’s bankruptcy.
At the beginning of the month that filing was backed up by the judge’s full explanation, declaring IBM the emphatic victor in the long-running saga.
SCO has filed yet again to appeal that judgment, although the precise grounds it is claiming are unknown.
How is it managing to lurch along like a zombie who always manages to get shot in the head? The outfit is being represented by Boies, Schiller & Flexner, which successfully represented the US government against Microsoft in the antitrust case in the late 1990s. However, SCO is bankrupt, so how it can come up with the readies is impossible to say.
IBM has fought SCO tooth and claw every stretch of the way and pretty successfully. Our guess is that it will try to get the case thrown out quickly.
Red Hat has become the first $2 billion open saucy company and has doubled its value from four years ago.
What is unusual is that Red Hat made all its value by earning the money rather than fleecing venture capitalists.
Red Hat’s total revenue for its fourth quarter was $544 million – up 17 percent on last year. Subscription revenue for the quarter was $480 million, up 18 percent and subscription revenue in the quarter was 88 percent of total revenue.
Jim Whitehurst, Red Hat’s president and CEO credits “Enterprises increasingly adopting hybrid cloud infrastructures and open source technologies” for driving the company’s strong results.
Whitehurst continued: “Customers are demanding technologies that modernize the development, deployment and life-cycle management of applications across hybrid cloud environments. Many are relying on Red Hat to provide both the infrastructure and the application development platforms to run their enterprise applications consistently and reliably across physical, virtual, private cloud and public cloud environments.”
For the full 2016 fiscal year, Red Hat’s total revenue was $2.05 billion, up 15 percent. Subscription revenue for the full fiscal year was $1.8 billion. Subscription revenue in the full fiscal year was 88 percent of total revenue.
Subscription revenue from infrastructure-related offerings for the quarter was $391 million, an increase of 15 percent. Subscription revenue from application development-related and other emerging technologies offerings for the quarter was $89 million, an increase of 38 percent.
Full fiscal year subscription revenue from infrastructure-related offerings was $1.48 billion, an increase of 12 percent in US dollars year-over-year and 18 percent measured in constant currency. Full fiscal year subscription revenue from application development-related and other emerging technologies offerings was $323 million, an increase of 37 percent in US dollars year-over-year and 46 percent measured in constant currency.
Red Hat expects to see between $2.380 billion and $2.420 billion in revenue in the coming year.