lwn.net

Your editor has a certain tendency to accumulate books, to the point that they crowd everything else out of the house. There is a lot to be said for books: a physical book has a user interface that has been optimized over centuries, and one can have a reasonably high degree of certainty that any given book will still work a few decades for now. Neither of those can be said for electronic books, but they do have the advantages of taking less shelf space and being more portable. So electronic books are part of the reading menu, which naturally leads to the search for a free reader for those books; KOReader turns out to be an interesting alternative.

Greg Kroah-Hartman has announced the release of the 5.4.189 and 4.19.238 stable kernels. As usual, they contain important fixes throughout the tree and users should upgrade.

Security updates have been issued by Debian (fribidi and python-django), Fedora (postgresql-jdbc, stargz-snapshotter, and thunderbird), Slackware (git, gzip, and xz), and SUSE (kernel, SDL2, and tomcat).

Support for developing in the Rust language is headed toward the kernel, though just when it will land in the mainline is yet to be determined. The Rust patches are progressing, though, and beginning to attract attention from beyond the kernel community. When two languages — and two different development communities — come together, the result can be a sort of cultural clash. Some early signs of that are appearing with regard to Rust in the kernel; if the resulting impedance mismatches can be worked out, the result could be a better development environment for everybody involved.

Security updates have been issued by Debian (lrzip), Fedora (community-mysql, expat, firefox, kernel, mingw-openjpeg2, nss, and openjpeg2), Mageia (ceph, subversion, and webkit2), openSUSE (chromium), Oracle (httpd:2.4), Red Hat (kpatch-patch), Slackware (ruby), SUSE (kernel and netatalk), and Ubuntu (gzip and xz-utils).

SUSE has begun to discuss its plans for the next version of SUSE Linux Enterprise on the openSUSE lists. It appears that there will be some significant changes.

Intending to do radical changes (regarding technology- but also design-wise) we choose "Adaptable Linux Platform" or short "ALP" as codename for that next generation. This indicates already that some things will be quite different than a "mere "SLE 15++ would be ;) [...]

Another important point is that we intend to split what was a more generic, everything is closely intertwined into two parts: One smaller hardware enabling piece, a kind of "host OS", and the and the layer providing and supporting applications, which will be container (and VM) based.

The LWN.net Weekly Edition for April 14, 2022 is available.

Using strings with contents that are supplied by users can be fraught with peril; SQL injection is a well-known technique for attacking applications that stems from that, for example. Generally, database frameworks and libraries provide mechanisms that seek to lead programmers toward doing The Right Thing, with parameterized queries and the like, but they cannot enforce that—inventive developers will seemingly always find ways to inject user input into places it should not go. A recently adopted Python Enhancement Proposal (PEP) provides a way to enforce the use of strings that are untainted by user input, but it uses the optional typing features of the language to do so; those wanting to take advantage of it will need to be running a type-checking program.

The 5.17.3, 5.16.20, 5.15.34, and 5.10.111 stable kernel updates have been released after a relatively quick review cycle. Each contains a relatively large set of important fixes. Note that 5.16.20 is the final update in the 5.16.x series.

Security updates have been issued by Arch Linux (gzip, python-django, and xz), Debian (chromium, subversion, and zabbix), Red Hat (expat, kernel, and thunderbird), SUSE (go1.16, go1.17, kernel, libexif, libsolv, libzypp, zypper, opensc, subversion, thunderbird, and xz), and Ubuntu (git, linux-bluefield, nginx, and subversion).

Version 6.3 of the Qt graphics library has been released. "Qt 6.3 also comes with a decent set of new functionality. A total of 250 user stories and tasks implementing new functionality have been completed for 6.3. Those are of course too many to list individually, and if you want to have all the details, have a look at our new features page and our Release Notes."

Git maintainer Junio C Hamano has announced the release of v2.35.2, along with multiple other Git versions ("v2.30.3, v2.31.2, v2.32.1, v2.33.2, and v2.34.2"), to fix a security problem that can happen on multi-user machines (CVE-2022-24765). This GitHub blog post has more details, though the GitHub service itself is not vulnerable. The description in the announcement seems a bit Windows-centric, but Linux multi-user systems are apparently vulnerable as well: On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in `C:\.git`, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs `git status` (or `git diff`) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.

When last we looked in on the proposed trusted_for() system call, which would allow user-space interpreters and other tools to ask the kernel whether a file is "trusted" for execution, it looked like it was on-track for the mainline. That was back in October 2020; the patch has been updated multiple times since then, made its way into linux-next, and a pull request was made by Mickaël Salaün for the 5.18 merge window. But it seems that there will be more to the story of getting this functionality into the kernel, as Linus Torvalds declined to pull trusted_for(), at least partly because he did not like the name, but there were other reasons as well. While he is not opposed to the functionality it would provide, he also had strong feelings that a new system call was not the right approach.

David Malcolm has posted an update on the state of static analysis in GCC 12.

Some other languages, such as Perl, can track input and flag any variable that should not be trusted because it was read from an outside source such as a web form. Flagging variables in this manner is called tainting. After a program runs the variable through a check, the variable can be untainted, a process called sanitization.

Our GCC analyzer's taint mode is activated by -fanalyzer-checker=taint (which should be specified in addition to -fanalyzer). Taint mode attempts to track attacker-controlled values entering the program and to warn if they are used without sanitization.

The 4.9.310 stable kernel update has been released; the changes consist mostly of backported Spectre mitigation patches.

Security updates have been issued by Debian (thunderbird and usbguard), Fedora (containerd, firefox, golang-github-containerd-imgcrypt, nss, and vim), Oracle (firefox, kernel, kernel-container, and thunderbird), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (libexif, mozilla-nss, mysql-connector-java, and qemu), and Ubuntu (libarchive and python-django).

Filesystems and the virtual filesystem layer are in the business of managing files that actually exist, but the Linux "dentry cache", which remembers the results of file-name lookups, also keeps track of files that don't exist. This cache of "negative dentries" plays an important role in the overall performance of the system but, if it is allowed to grow too large, its role can become negative in its own right. As the 2022 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) approaches, the subject of negative dentries has come up yet again; whether one can be positive about the prospects for a resolution this time around remains unclear.

The second 5.18 kernel prepatch is out for testing. "Things look fairly normal here, although it's early in the release cycle so it's a bit hard to say for sure. But at least it's not looking particularly odd, and we have fixes all over."

Security updates have been issued by Debian (gzip, libxml2, minidlna, openjpeg2, thunderbird, webkit2gtk, wpewebkit, xen, and xz-utils), Fedora (crun, unrealircd, and vim), Mageia (389-ds-base, busybox, flatpak, fribidi, gdal, python-paramiko, and usbredir), openSUSE (opera and seamonkey), Oracle (kernel and kernel-container), Red Hat (firefox), Scientific Linux (firefox), Slackware (libarchive), SUSE (389-ds, libsolv, libzypp, zypper, and python), and Ubuntu (python-django and tcpdump).

OpenSSH 9.0 has been released. It is claimed to be primarily a bug-fix release, but it also switches to a new, quantum-computer-proof key-exchange protocol by default and includes a number of sftp changes, some of which may create some compatibility issues (described in the announcement) with scp.

We consider the removal of the need for double-quoting shell characters in file names to be a benefit and do not intend to introduce bug-compatibility for legacy scp/rcp in scp(1) when using the SFTP protocol.