lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 2시간 33분 지남

[$] Enabling the persistent journal in Debian

목, 2020/02/13 - 6:24오전
It seems unlikely that anyone on any "side" of the systemd war that has raged in Debian over the last few years thought that the results of the recent general resolution (GR) vote ended the matter. The vote showed a clear preference for moving ahead with systemd as the preferred init system, though it was far from any kind of landslide—there were definitely plenty of voters who would have preferred a different outcome. It was a complicated GR, with a wide spectrum of options, but at this point, the project as a whole has spoken. Actually implementing some of the changes that the GR enabled may not have the smooth path that some might have hoped for, however.

Horn: Mitigations are attack surface, too

목, 2020/02/13 - 2:13오전
On the Google Project Zero blog, Jann Horn looks at a number of vulnerabilities in a Samsung Android kernel, some of which are caused by the addition of out-of-tree "security" features. "The Samsung kernel on the A50 contains an extra security subsystem (named 'PROCA', short for 'Process Authenticator', with code in security/proca/) to track process identities. By combining several logic issues in this subsystem (which, on their own, can already cause a mismatch between the tracking state and the actual process state) with a brittle code pattern, it is possible to cause memory unsafety by winning a race condition."

Security updates for Wednesday

목, 2020/02/13 - 12:31오전
Security updates have been issued by CentOS (spice-gtk), Debian (libemail-address-list-perl), openSUSE (chromium, libqt5-qtbase, nginx, systemd, and wicked), Oracle (spice-gtk), Slackware (firefox and thunderbird), and Ubuntu (libexif and Yubico PIV Tool).

Three stable kernels

수, 2020/02/12 - 9:21오전
Stable kernels 5.5.3, 5.4.19, and 4.19.103 have been released. They all contain many important fixes throughout the tree and users should upgrade.

[$] Lua and Python

수, 2020/02/12 - 8:08오전
From a high-level perspective, Lua and Python are similar languages; both are "scripting" languages that are compiled into bytecode instructions that run on a virtual machine. But the focus of Lua has generally been toward embedding the language into some larger application or system, rather than as an alternative for, say, Python, Perl, or Ruby as a general-purpose language. That is not to say that Lua is not capable of handling any of the tasks those other languages do, but that it has not really been the target, seemingly. Some recent discussions in the Lua community have explored possible changes in that regard, particularly around the idea of providing a larger, richer standard library.

Firefox 73.0

수, 2020/02/12 - 12:45오전
Firefox 73.0 has been released. This version includes two features that help users view and read website content more easily; a new global default zoom level setting and a "readability backplate" solution to make websites in High Contrast Mode more readable without disabling background images. See the release notes for details.

Security updates for Tuesday

수, 2020/02/12 - 12:37오전
Security updates have been issued by Debian (checkstyle), Fedora (poppler), Oracle (kernel), Red Hat (389-ds:1.4, java-1.7.1-ibm, java-1.8.0-ibm, nss-softokn, and spice-gtk), and Scientific Linux (spice-gtk).

Aleksandersen: Limit the impact of a security intrusion with systemd security directives

화, 2020/02/11 - 1:29오전
Daniel Aleksandersen shows how to sandbox a daemon process using a set of systemd features. "These directives combined would have stopped the specific remote code execution vulnerability that afflicted OpenSMTPD. However, the key takeaway is that you should strive to sandbox long-running and internet-exposed services. There’s no need for your webserver to be able to load a kernel module, your email server to change the hostname, or your DNS server to launch wget and schedule reoccurring tasks with cron."

[$] The rest of the 5.6 merge window

화, 2020/02/11 - 1:04오전
Linus Torvalds released the 5.6-rc1 prepatch and closed the merge window on February 9; at that point, 10,780 non-merge changesets had been pulled into the mainline repository for 5.6. That is substantially less than recent development cycles (14,350 for 5.5, 14,619 for 5.4), but is similar to what was going on at this time last year (10,843 for 5.0-rc1 in January 2019). About 6,000 of those changes were pulled since the first 5.6 merge-window article was written; read on for what was included in those changes.

GDB 9.1 released

화, 2020/02/11 - 12:46오전
Version 9.1 of the GNU debugger is out. There are many improvements; see the announcement and the changelog for details.

Security updates for Monday

화, 2020/02/11 - 12:23오전
Security updates have been issued by Debian (ipmitool, libexif, and ppp), Fedora (glib2, java-1.8.0-openjdk, java-11-openjdk, libasr, libuv, mingw-gdk-pixbuf, mingw-SDL2, nethack, nghttp2, nodejs, nodejs-mixin-deep, nodejs-set-value, nodejs-yarn, opensmtpd, python-feedgen, runc, samba, sox, and texlive-base), Mageia (chromium-browser-stable, mgetty, openslp, qtbase5, spamassassin, sudo, and xmlrpc), openSUSE (ceph and chromium), Oracle (grub2 and kernel), SUSE (docker-runc, LibreOffice, and wicked), and Ubuntu (libxml2 and qtbase-opensource-src).

Kernel prepatch 5.6-rc1

월, 2020/02/10 - 1:18오후
Linus has released 5.6-rc1 and closed the merge window for this development cycle. "This was actually a slightly smaller merge window than usual, but I think that what happened is simply that the holiday season impacted new development. It impacted the 5.5 rc series less than I had expected, but seems to instead have caused 5.6 to have slightly less development than normal."

[$] Kernel operations structures in BPF

토, 2020/02/08 - 4:27오전
One of the more eyebrow-raising features to go into the 5.6 kernel is the ability to load TCP congestion-control algorithms as BPF programs; networking developer Toke Høiland-Jørgensen described it as a continuation of the kernel's "march towards becoming BPF runtime-powered microkernel". On its face, congestion control is a significant new functionality to hand over to BPF, taking it far beyond its existing capabilities. When one looks closer, though, one's eyebrow altitude may well increase further; the implementation of this feature breaks new ground in a couple of areas.

Davis: Is Open Source a diversion from what users really want?

토, 2020/02/08 - 1:49오전
Over on the Ardour forum, Paul Davis wonders whether access to the source code is truly what users these days want or need. There are other closed-source digital audio workstations that are far more customizable than Ardour via a scripting language without needing any access to the source. "But perhaps for applications like Ardour, ones that do not yet exist, there ought to be a different development pathway. I remember once wondering if we should have implemented the entire GUI in PyGTK (i.e. Python). We didn't, and most of my curiosity was about whether it would have helped or hindered our development process. However, had we done so, one of the consequences would have been that many changes to the program would have been made simpler, easier to access and would require no 'rebuild'. I wonder if going forward, large-scale apps like Ardour ought to (as Reaper did relatively early in its life) consider the 'script extension system' to be a vital and critical part of the application infrastructure. This would mean, for example, writing large parts of 'core functionality' using this system, rather than dropping back into C++ to get things done. There are precedents for this: GNU Emacs, for example, is at some level written in C, but almost everything about the program is actually constructed in Emacs Lisp, its own 'scripting extension'. The C core of Emacs is so small and so irrelevant that it almost doesn't matter that it is there: if you want to modify or extend Emacs, you (almost always) write Lisp, not C."

Security updates for Friday

토, 2020/02/08 - 1:37오전
Security updates have been issued by Arch Linux (chromium, python-django, and sudo), Debian (libexif and libxmlrpc3-java), Fedora (upx and xar), openSUSE (ucl and upx), Oracle (ipa), Scientific Linux (kernel), SUSE (e2fsprogs, libqt5-qtbase, nginx, pcp, php7, rubygem-rack, systemd, wicked, and xen), and Ubuntu (mariadb-10.1, mariadb-10.3, mesa, pillow, and python-reportlab).