lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 2시간 59초 지남

Nextcloud 15 released

화, 2018/12/11 - 5:35오후
Version 15 of the Nextcloud productivity and communications platform is out. New features include Mastodon integration, two-factor authentication, a number of user-interface improvements, and more.

Hutterer: Understanding HID report descriptors

화, 2018/12/11 - 5:19오후
For those who would like a deeper understanding of how the human interface device (HID) protocol works, Peter Hutterer has posted a detailed overview. "Originally HID was designed to work over USB. But just like Shrek the technology world is obsessed with layers so these days HID works over different transport layers. HID over USB is what your mouse uses, HID over i2c may be what your touchpad uses. HID works over Bluetooth and it's celebrity-diet version BLE. Somewhere, someone out there is very slowly moving a mouse pointer by sending HID over carrier pigeons just to prove a point. Because there's always that one guy."

[$] A filesystem corruption bug breaks loose

화, 2018/12/11 - 2:58오전
Kernel bugs can have all kinds of unfortunate consequences, from inconvenient crashes to nasty security vulnerabilities. Some of the most feared bugs, though, are those that corrupt data in filesystems. The losses imposed on users can be severe, and the resulting problems may not be noticed for a long time, making recovery difficult. Filesystem developers, knowing that they will have to face their users in the real world, go to considerable effort to prevent this kind of bug from finding its way into a released kernel. A recent failure in that regard raises a number of interesting questions about how kernel development is done.

Security updates for Monday

화, 2018/12/11 - 12:57오전
Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml).

Kernel prepatch 4.20-rc6

월, 2018/12/10 - 4:52오후
The 4.20-rc6 kernel prepatch is out for testing. "Most of it looks pretty small and normal. Would I have preferred for there to be less churn? Yes. But it's certainly smaller than rc5 was, so we're moving in the right direction, and we have at least one more rc to go."

More stable kernel updates

일, 2018/12/09 - 3:34오전
The stable kernel process continues to churn out releases; 4.19.8, 4.14.87, and 4.9.144 are now available with another set of important fixes.

[$] Kernel quality control, or the lack thereof

토, 2018/12/08 - 3:28오전
Filesystem developers tend toward a high level of conservatism when it comes to making changes; given the consequences of mistakes, this seems like a healthy survival trait. One might rightly be tempted to regard a recent disagreement over the backporting of filesystem-related fixes to the stable kernels as an example of this conservatism, but there is more to it. The kernel development process has matured in many ways over the years; perhaps this discussion hints at some of the changes that will be needed to continue that maturation in the future.

Security updates for Friday

토, 2018/12/08 - 1:05오전
Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack).

[$] Toward race-free process signaling

금, 2018/12/07 - 3:51오전
Signals have existed in Unix systems for years, despite the general consensus that they are an example of a bad design. Extensions and new ways of using signals pop up from time to time, fixing the issues that have been found. A notable addition was the introduction of signalfd() nearly 10 years ago. Recently, the kernel developers have discussed how to avoid race conditions related to process-ID (PID) recycling, which occurs when a process terminates and another one is assigned the same PID. A process that fails to notice that its target has exited may try to send a signal to the wrong recipient, with potentially grave consequences. A patch set from Christian Brauner is trying to solve the issue by adding signaling via file descriptors.

Microsoft's Edge browser moving to Chromium

금, 2018/12/07 - 2:35오전
Microsoft has announced that its "Edge" browser is joining the Chromium world. "Today we’re announcing that we intend to adopt the Chromium open source project in the development of Microsoft Edge on the desktop to create better web compatibility for our customers and less fragmentation of the web for all web developers. As part of this, we intend to become a significant contributor to the Chromium project, in a way that can make not just Microsoft Edge — but other browsers as well — better on both PCs and other devices."

Security updates for Thursday

목, 2018/12/06 - 11:42오후
Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE ( aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin).

[$] LWN.net Weekly Edition for December 6, 2018

목, 2018/12/06 - 10:35오전
The LWN.net Weekly Edition for December 6, 2018 is available.

Videos from the Linux Plumbers Conference

목, 2018/12/06 - 5:49오전
Videos from the 2018 Linux Plumbers Conference (November 13-15, Vancouver) have now been posted for all sessions, including the Kernel Summit and Networking tracks. They can be found by going to the detailed schedule and clicking on the session of interest.

[$] Investigating GitLab

목, 2018/12/06 - 5:10오전

Daniel Vetter began his talk in the refereed track of the 2018 Linux Plumbers Conference (LPC) by noting that it would be in a somewhat similar vein to other talks he has given, since it is about tooling and workflows that are outside of the kernel norm. But, unlike those other talks that concerned changes that had already taken place, this talk was about switching open-source graphics projects to using a hosted version of GitLab, which has not yet happened. In it, he wanted to share his thoughts about why he thinks migrating to GitLab makes sense for the kernel graphics community—and maybe the kernel as a whole.


Stable kernel updates

목, 2018/12/06 - 5:09오전
Stable kernels 4.19.7, 4.14.86, and 4.9.143 have been released, with the usual set of important fixes throughout the tree.

Security updates for Wednesday

목, 2018/12/06 - 12:54오전
Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby).

Critical Kubernetes privilege escalation disclosed

수, 2018/12/05 - 4:00오전
A critical flaw in the Kubernetes container orchestration system has been announced. It will allow any user to compromise a Kubernetes cluster by way of exploiting any aggregated API server that is deployed for it. This affects all Kubernetes versions 1.0 to 1.12, but is only fixed in the supported versions (in 1.10.11, 1.11.5, and 1.12.3). "With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection. [...] In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation. [...] There is no simple way to detect whether this vulnerability has been used. Because the unauthorized requests are made over an established connection, they do not appear in the Kubernetes API server audit logs or server log. The requests do appear in the kubelet or aggregated API server logs, but are indistinguishable from correctly authorized and proxied requests via the Kubernetes API server." Kubernetes users should obviously update as soon as possible.

[$] Unexpected fallout from /usr merge in Debian

수, 2018/12/05 - 3:41오전

Back in 2011, Harald Hoyer and Kay Sievers came up with a proposal for Fedora to merge much of the operating system into /usr; former top-level directories, /bin, /lib, and /sbin, would then become symbolic links pointing into the corresponding subdirectories of /usr. Left out of the merge would be things like configuration files in /etc, data in /var, and user home directories. This change was aimed at features like atomic upgrades and easy snapshots. The switch to a merged /usr was successful for Fedora 17; many other distributions (Arch, OpenSUSE, Mageia, just to name a few) have followed suit. More recently, Debian has been working toward a merged /usr, but it ran into some surprising problems that are unique to the distribution.


Security updates for Tuesday

수, 2018/12/05 - 1:16오전
Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, linux-gcp, perl, and poppler).

[$] Bounded loops in BPF programs

화, 2018/12/04 - 7:45오전
The BPF verifier is charged with ensuring that any given BPF program is safe for the kernel to load and run. Programs that fail to terminate are clearly unsafe, as they present an opportunity for denial-of-service attacks. In current kernels, the verifier uses a heavy-handed technique to block such programs: it disallows any program containing loops. This works, but at the cost of disallowing a wide range of useful programs; if the verifier could determine whether any given loop would terminate within a bounded time, this restriction could be lifted. John Fastabend presented a plan for doing so during the BPF microconference at the 2018 Linux Plumbers Conference.