Linux roundup: Conduct, candidates and capacitors
Some updates for all you Linux folk today, with coding standards, the latest RC for version 4.0 and Google’s dope Project Zero team who have been tasked with unearthing bummer zero-day flaws.
The current release candidate is decidedly bigger than its predecessor, which was unleashed late due to Torvalds having an i915 DRM graphics issue with one of his Apple Mac Mini computers. The Linux community has been graced with a timely release this round, which has been described as “fairly normal”.
The usual churn of basic regression fixes and patch distribution can be seen in RC3, with Torvalds noting that about two thirds of the updates were dedicated to drivers (GPU, networking, USB, staging, sound) and the rest focused on filesystems (NFS, Btrfs), architecture updates (x86, ARM, PowerPC) and documentation.
‘Be excellent to each other’
Another update that Torvalds has made comes after he reportedly copped some criticism for being… well, himself. It’s well known in the community that Torvalds isn’t shy when it comes to speaking his mind, which is why his latest ‘Code of Conflict‘ is so interesting.
While discussing his articulated views on security at Linux.conf.au, Torvalds set the record straight for punters out there: “I’m not a nice person and I don’t care about you”. However, the ‘Code of Conflict’ gives us a different look at the way Torvalds wants to approach updates to the kernel:
As a reviewer of code, please strive to keep things civil and focused on the technical issues involved. We are all humans, and frustrations can be high on both sides of the process. Try to keep in mind the immortal words of Bill and Ted, “Be excellent to each other.”
While the Excellent Adventure shoutout is sure to earn a chuckle, Torvalds has underlined the importance of making sure that contributors don’t feel personally abused, threatened or generally uncomfortable, citing this as “not acceptable”.
For those that experience any kind of abuse or wish to air their grievances, the Linux Foundation’s Technical Advisory Board should be contacted via email@example.com, or the individual members themselves in order to resolve the issue.
The ‘rowhammer’ attack
Finally, Google’s Project Zero team has reported on it’s latest mission in promoting excellence in security research by publishing their exploitation of the DRAM ‘rowhammer’ bug to gain kernel privileges.
The team describes ‘rowhammer’ as a problem with some recent DRAM devices in which “repeatedly accessing a row of memory can cause bit flips in adjacent rows”. This latest security research sees the team moving away from its usual software probing and into hardware territory, with a number of laptops tested that exhibited the problem.
The team tested the exploit on 29 x86 laptops built between 2010 and 2014 using DDR3 DRAM:
We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.
The Project Zero team aren’t sure how many machines are vulnerable to such an attack, or how many existing machines are fixable. The expectation is that their PTE-based exploit could be made to work on other operating systems, as it’s not a specific Linux problem (it was just selected as The Chosen One for this experiment).
The project has also shone a light on other other avenues for exploiting bit flips, which can ultimately have a practical purpose.