Giddyup

Linux roundup: Conduct, candidates and capacitors

Natali Vlatko
Cowboy image via Shutterstock

Some updates for all you Linux folk today, with coding standards, the latest RC for version 4.0 and Google’s dope Project Zero team who have been tasked with unearthing bummer zero-day flaws.

The latest release candidate for Linux 4.0 is out, with Linux custodian Linus Torvalds updating the Linux Kernel Mailing List on Sunday with information about Linux 4.0-RC3.

The current release candidate is decidedly bigger than its predecessor, which was unleashed late due to Torvalds having an i915 DRM graphics issue with one of his Apple Mac Mini computers. The Linux community has been graced with a timely release this round, which has been described as “fairly normal”.

The usual churn of basic regression fixes and patch distribution can be seen in RC3, with Torvalds noting that about two thirds of the updates were dedicated to drivers (GPU, networking, USB, staging, sound) and the rest focused on filesystems (NFS, Btrfs), architecture updates (x86, ARM, PowerPC) and documentation.

‘Be excellent to each other’

Another update that Torvalds has made comes after he reportedly copped some criticism for being… well, himself. It’s well known in the community that Torvalds isn’t shy when it comes to speaking his mind, which is why his latest ‘Code of Conflict’ is so interesting.

While discussing his articulated views on security at Linux.conf.au, Torvalds set the record straight for punters out there: “I’m not a nice person and I don’t care about you”. However, the ‘Code of Conflict’ gives us a different look at the way Torvalds wants to approach updates to the kernel:

As a reviewer of code, please strive to keep things civil and focused on the technical issues involved. We are all humans, and frustrations can be high on both sides of the process. Try to keep in mind the immortal words of Bill and Ted, “Be excellent to each other.”

While the Excellent Adventure shoutout is sure to earn a chuckle, Torvalds has underlined the importance of making sure that contributors don’t feel personally abused, threatened or generally uncomfortable, citing this as “not acceptable”.

For those that experience any kind of abuse or wish to air their grievances, the Linux Foundation’s Technical Advisory Board should be contacted via tab@lists.linux-foundation.org, or the individual members themselves in order to resolve the issue.

“Woah, dude.”

The ‘rowhammer’ attack

Finally, Google’s Project Zero team has reported on its latest mission in promoting excellence in security research by publishing their exploitation of the DRAM ‘rowhammer’ bug to gain kernel privileges.

The team describes ‘rowhammer’ as a problem with some recent DRAM devices in which “repeatedly accessing a row of memory can cause bit flips in adjacent rows”. This latest security research sees the team moving away from its usual software probing and into hardware territory, with a number of laptops tested that exhibited the problem.

The team tested the exploit on 29 x86 laptops built between 2010 and 2014 using DDR3 DRAM:

We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.

The Project Zero team aren’t sure how many machines are vulnerable to such an attack, or how many existing machines are fixable. The expectation is that their PTE-based exploit could be made to work on other operating systems, as it’s not a specific Linux problem (it was just selected as The Chosen One for this experiment).

The project has also shone a light on other avenues for exploiting bit flips, which can ultimately have a practical purpose.

Author
Natali Vlatko
An Australian who calls Berlin home, via a two year love affair with Singapore. Natali was an Editorial Assistant for JAXenter.com (S&S Media Group).
