LWN on Linux: Trust, Security, Tags, exFAT and CHAOSS

Submitted by Roy Schestowitz on Thursday 12th of September 2019 06:58:54 PM
Linux
  • Maintaining the kernel's web of trust

    A typical kernel development cycle involves pulling patches from over 100 repositories into the mainline. Any of those pulls could conceivably bring with it malicious code, leaving the kernel (and its users) open to compromise. The kernel's web of trust helps maintainers to ensure that pull requests are legitimate, but that web has become difficult to maintain in the wake of the recent attacks on key servers and other problems. So now the kernel community is taking management of its web of trust into its own hands.

    Some history

    As recently as 2011, there was no mechanism in place to verify the provenance of pull requests sent to kernel maintainers. If an emailed request looked legitimate, and the proposed code changes appeared to make sense, then the requested pull would generally be performed. That degree of openness makes for a low-friction development experience, but it also leaves the project open to at least a couple of types of attacks. Email is easy to forge; an attacker could easily create an email that appeared to be from a known maintainer, but which requested a pull from a malicious repository.

    The risk grows greater if an attacker somehow finds a way to modify a maintainer's repository (on kernel.org or elsewhere); then the malicious code would be coming from a trusted location. The chances of a forged pull request from a legitimate (but compromised) repository being acted on are discouragingly high.

    The compromise of kernel.org in 2011 focused minds on this problem. By all accounts, the attackers had no idea of the importance of the machine they had taken over, so they did not even try to tamper with any of the repositories kept there. But they could have done such a thing. Git can help developers detect and recover from such attacks, but only to an extent. What the community really needs is a way to know that a specific branch or tag proposed for pulling was actually created by the maintainer for the relevant subsystem.

    One action that was taken was to transform kernel.org from a machine managed by a small number of kernel developers in their spare time into a carefully thought-out system run by full-time administrators supported by the Linux Foundation. The provision of shell accounts to hundreds of kernel developers was belatedly understood to be something other than the best of ideas, so that is no longer done. No system is immune, but kernel.org has become a much harder target than before, so repositories stored there should be relatively safe.

  • Kernel runtime security instrumentation

    Finding ways to make it easier and faster to mitigate an ongoing attack against a Linux system at runtime is part of the motivation behind the kernel runtime security instrumentation (KRSI) project. Its developer, KP Singh, gave a presentation about the project at the 2019 Linux Security Summit North America (LSS-NA), which was held in late August in San Diego. A prototype of KRSI is implemented as a Linux security module (LSM) that allows eBPF programs to be attached to the kernel's security hooks.

    Singh began by laying out the motivation for KRSI. When looking at the security of a system, there are two sides to the coin: signals and mitigations. The signals are events that might, but do not always, indicate some kind of malicious activity is taking place; the mitigations are what is done to thwart the malicious activity once it has been detected. The two "go hand in hand", he said.

    For example, the audit subsystem can provide signals of activity that might be malicious. If you have a program that determines that the activity actually is problematic, then you might want it to update the policy for an LSM to restrict or prevent that behavior. Audit may also need to be configured to log the events in question. He would like to see a unified mechanism for specifying both the signals and mitigations so that the two work better together. That is what KRSI is meant to provide.

    He gave a few examples of different types of signals. For one, a process that executes and then deletes its executable might well be malicious. A kernel module that loads and then hides itself is also suspect. A process that executes with suspicious environment variables (e.g. LD_PRELOAD) might indicate something has gone awry as well.

    On the mitigation side, an administrator might want to prevent mounting USB drives on a server, perhaps after a certain point during the startup. There could be dynamic whitelists or blacklists of various sorts, for kernel modules that can be loaded, for instance, to prevent known vulnerable binaries from executing, or stopping binaries from loading a core library that is vulnerable to ensure that updates are done. Adding any of these signals or mitigations requires reconfiguration of various parts of the kernel, which takes time and/or operator intervention. He wondered if there was a way to make it easy to add them in a unified way.
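    The signal-and-mitigation pairing described above can be modelled in user space. The following is an added illustration, not KRSI's own code (KRSI attaches eBPF programs to LSM hooks inside the kernel): it matches the three signals from the talk against a constructed, hypothetical event stream with made-up field names, and turns each confirmed signal into a policy entry that a mitigation layer could enforce.

```python
"""Toy user-space model of KRSI's 'signals and mitigations' idea.

Added illustration, not KRSI code: the three signals from the talk are
matched against a constructed event stream, and each confirmed signal is
turned into a policy entry a mitigation layer could enforce.
"""
from collections import namedtuple

Alert = namedtuple("Alert", "signal pid subject detail")

# Loader environment variables treated as suspicious. The talk names
# LD_PRELOAD; LD_AUDIT is added here as a similar loader variable.
SUSPICIOUS_ENV = ("LD_PRELOAD", "LD_AUDIT")

# Constructed sample events (hypothetical field names, not auditd's format).
SAMPLE_EVENTS = [
    {"type": "exec", "pid": 101, "exe": "/usr/bin/ls", "env": {"HOME": "/root"}},
    {"type": "exec", "pid": 202, "exe": "/tmp/.x/dropper", "env": {"HOME": "/root"}},
    {"type": "unlink", "pid": 202, "path": "/tmp/.x/dropper"},
    {"type": "exec", "pid": 303, "exe": "/usr/bin/curl",
     "env": {"LD_PRELOAD": "/tmp/libhook.so"}},
    {"type": "module_load", "name": "rootkit_mod"},
    {"type": "module_load", "name": "e1000e"},
    # Periodic snapshot of the modules the kernel reports as loaded.
    {"type": "module_list", "names": ["e1000e", "ext4"]},
]


def detect_signals(events):
    """Return the Alerts raised by the three signals from the talk."""
    alerts = []
    exe_by_pid = {}      # pid -> path it executed from
    loaded = []          # module names seen loading, in order
    unloaded = set()     # module names legitimately unloaded
    reported = set()     # hidden modules already alerted on
    for ev in events:
        kind = ev["type"]
        if kind == "exec":
            exe_by_pid[ev["pid"]] = ev["exe"]
            # Signal: execution with a suspicious loader variable set.
            for var in SUSPICIOUS_ENV:
                if var in ev["env"]:
                    alerts.append(Alert("suspicious_env", ev["pid"],
                                        ev["env"][var], var))
        elif kind == "unlink":
            # Signal: a process removing the very file it executed from.
            if exe_by_pid.get(ev["pid"]) == ev["path"]:
                alerts.append(Alert("self_deleting_exe", ev["pid"],
                                    ev["path"], ""))
        elif kind == "module_load":
            loaded.append(ev["name"])
        elif kind == "module_unload":
            unloaded.add(ev["name"])
        elif kind == "module_list":
            # Signal: a module that loaded but no longer shows up.
            visible = set(ev["names"])
            for name in loaded:
                if name not in visible and name not in unloaded \
                        and name not in reported:
                    reported.add(name)
                    alerts.append(Alert("hidden_module", 0, name, ""))
    return alerts


def derive_policy(alerts):
    """Map confirmed signals to the deny lists an LSM policy could enforce."""
    policy = {"deny_exec": set(), "deny_library": set(), "deny_module": set()}
    for a in alerts:
        if a.signal == "self_deleting_exe":
            policy["deny_exec"].add(a.subject)
        elif a.signal == "suspicious_env":
            policy["deny_library"].add(a.subject)
        elif a.signal == "hidden_module":
            policy["deny_module"].add(a.subject)
    return policy


if __name__ == "__main__":
    found = detect_signals(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.signal:18} pid={a.pid:<4} {a.subject} {a.detail}")
    print(derive_policy(found))
```

    The point of the split between detect_signals and derive_policy is the one Singh makes: the signal is only a hint, and the decision to feed it into policy is a separate step that a real deployment would gate on further checks or operator review.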

  • Change IDs for kernel patches

    For all its faults, email has long proved to be an effective communication mechanism for kernel development. Similarly, Git is an effective tool for source-code management. But there is no real connection between the two, meaning that there is no straightforward way to connect a Git commit with the email discussions that led to its acceptance. Once a patch enters a repository, it transitions into a new form of existence and leaves its past life behind. Doug Anderson recently went to the ksummit-discuss list with a proposal to add Gerrit-style change IDs as a way of connecting the two lives of a kernel patch; the end result may not be quite what he was asking for.

    [...]

    Creation of this tag is relatively easy; it can be entirely automated at the point where a patch is applied to a Git repository. But it doesn't solve the entire problem; it can associate a commit with the final posting of a patch on a mailing list, but it cannot help to find previous versions of a patch. Generally, the discussion of the last version of a patch is boring since there is usually a consensus at that point that it should be applied. It's the discussion of the previous versions that will have caused changes to be made and which can explain some of the decisions that were made. But kernel developers are remarkably and inexplicably poor at placing the message ID of the final version of a patch into the previous versions.

    The most commonly suggested solution to that problem is not fully automatic. Developers like Thomas Gleixner and Christian Brauner argued in favor of adding a link to previous versions of a patch when posting an updated version. Gleixner called for a link to the cover letter of the prior version, while Brauner puts links to all previous versions. Either way, an interested developer can follow the links backward to see how a patch series has changed, along with the discussions that led to those changes.
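    The automatable step described above (recording, at apply time, which list posting a commit came from) and the manual step (the submitter linking earlier versions) can both be shown in a few lines. This is an added illustration, not the kernel's own tooling: the "Link:" trailer name and the lore.kernel.org/r/ archive URL form are assumed here, and the patch mail is constructed with made-up addresses and message IDs.

```python
"""Message-ID trailer at apply time (added illustration, not kernel tooling).

The 'Link:' trailer name and the lore.kernel.org/r/ URL prefix are assumed;
the patch mail below is constructed with hypothetical addresses and IDs.
"""
import email
import re
from email import policy

ARCHIVE_BASE = "https://lore.kernel.org/r/"   # assumed archive URL prefix

# Constructed sample patch mail; every address and ID is made up.
SAMPLE_MAIL = """\
From: Jane Developer <jane@example.org>
Subject: [PATCH v3] foo: fix widget leak on error path
Message-ID: <20190912120000.1234-1-jane@example.org>
Date: Thu, 12 Sep 2019 12:00:00 +0000

Free the widget before returning -ENOMEM.

v2: https://lore.kernel.org/r/20190905100000.999-1-jane@example.org
v1: https://lore.kernel.org/r/20190901090000.555-1-jane@example.org

Signed-off-by: Jane Developer <jane@example.org>
---
 foo.c | 1 +
 1 file changed, 1 insertion(+)
"""


def message_id(raw_mail):
    """Return the bare Message-ID (no angle brackets) of a patch mail."""
    msg = email.message_from_string(raw_mail, policy=policy.default)
    mid = msg["Message-ID"]
    if mid is None:
        raise ValueError("patch mail has no Message-ID header")
    return str(mid).strip().strip("<>")


def commit_message(raw_mail, base=ARCHIVE_BASE):
    """Build the commit message: body above '---', plus a Link: trailer.

    This is the fully automatable part: the commit gets a pointer to the
    final posting of the patch.
    """
    msg = email.message_from_string(raw_mail, policy=policy.default)
    body = msg.get_payload()
    description = body.split("\n---\n", 1)[0].rstrip("\n")
    return f"{description}\nLink: {base}{message_id(raw_mail)}\n"


def previous_versions(raw_mail):
    """Collect archive links the submitter put in the body for earlier versions.

    This is the manual part: the trailer above finds only the final posting,
    so earlier revisions are recoverable only if the submitter linked them.
    """
    msg = email.message_from_string(raw_mail, policy=policy.default)
    body = msg.get_payload()
    return re.findall(r"^v\d+:\s*(https?://\S+)", body, flags=re.MULTILINE)


if __name__ == "__main__":
    print(commit_message(SAMPLE_MAIL))
    print("earlier versions:", previous_versions(SAMPLE_MAIL))
```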

  • Examining exFAT

    Linux kernel developers like to get support for new features — such as filesystem types — merged quickly. In the case of the exFAT filesystem, that didn't happen; exFAT was created by Microsoft in 2006 for use in larger flash-storage cards, but there has never been support in the kernel for this filesystem. Microsoft's recent announcement that it wanted to get exFAT support into the mainline kernel would appear to have removed the largest obstacle to Linux exFAT support. But, as is so often the case, it seems that some challenges remain.

    For years, the Linux community mostly ignored exFAT; it was a proprietary format overshadowed by an unpleasant patent cloud. A Linux driver existed, though, and was shipped as a proprietary module on various Android devices. In 2013, the code for this driver escaped into the wild and was posted to a GitHub repository. But that code was never actually released under a free license and the patent issues remained, so no serious effort to upstream it into the mainline kernel was ever made.

    The situation stayed this way for some years. Even Microsoft's decision to join the Open Invention Network (OIN) in 2018 did not change the situation; exFAT, being outside the OIN Linux System Definition, was not covered by any new patent grants. Some people pointed this out at the time, but it didn't raise a lot of concern. Most people, it seemed, had simply forgotten about exFAT, which has a relatively limited deployment overall.

  • CHAOSS project bringing order to open-source metrics

    Providing meaningful metrics for open-source projects has long been a challenge, as simply measuring downloads, commits, or GitHub stars typically doesn't say much about the health or diversity of a project. It's a challenge the Linux Foundation's Community Health Analytics Open Source Software (CHAOSS) project is looking to help solve. At the 2019 Open Source Summit North America (OSSNA), Matt Germonprez, one of the founding members of CHAOSS, outlined what the group is currently doing and why its initial efforts didn't work out as expected.

    Germonprez is an Associate Professor at the University of Nebraska at Omaha and helped to start CHAOSS, which was first announced at the 2017 OSSNA held in Los Angeles. When CHAOSS got started, he said, there was no bar as to what the project was interested in. "We developed a long list of metrics, they were really unfiltered and uncategorized, so it wasn't doing a lot of good for people," Germonprez admitted.


Top 20 Funny Steam Games For Kids To Play Right Now [on Linux]

There are ample funny Steam games for kids available on the store for Linux. A couple of years back, gaming on Linux was almost impossible. Nevertheless, a vast range of games is now available in different Linux distros, thanks to Steam. Moreover, playing games on Linux is no longer difficult, and many games are even available for free. Additionally, there are different genres of games, such as indie, action, adventure, casual, strategy, simulation, RPG, Early Access, single-player, violent, and sports. Linux users can play all these genres of games on Steam for absolutely free or by spending a few bucks. Read more

GNOME 3.34

  • Introducing GNOME 3.34: “Thessaloniki”

    GNOME 3.34 is the latest version of GNOME 3, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, as well as many smaller improvements and bug fixes. In total, the release incorporates 23929 changes, made by approximately 777 contributors. 3.34 has been named “Thessaloniki” in recognition of this year’s GUADEC organizing team. GUADEC is GNOME’s primary annual conference and is only possible due to the amazing work of local volunteers. This year’s event was held in Thessaloniki, Greece, and was a big success. Thank you, Team Thessaloniki!

  • GNOME 3.34 Released

    The latest version of GNOME 3 has been released today. Version 3.34 contains six months of work by the GNOME community and includes many improvements, performance improvements and new features.

  • GNOME 3.34 released

    The GNOME Project is proud to announce the release of GNOME 3.34, Θεσσαλονίκη (Thessaloniki).

    This release brings performance improvements in the shell, Drag-And-Drop in the overview, improved mouse and keyboard accessibility, previews in the background panel, support for systemd user sessions, and more.

    Improvements to core GNOME applications include new icons, sandboxed browsing in Web, gapless playback in Music, support for bidirectional text in the Terminal, more featured applications in Software, and more.

    For more information about the changes in GNOME 3.34, you can visit the release notes:

     https://help.gnome.org/misc/release-notes/3.34/

    GNOME 3.34 will be available shortly in many distributions. If you want to try it today, you can use the Fedora 31 beta that will be available soon or the openSUSE nightly live images which include GNOME 3.34.

     https://www.gnome.org/getting-gnome/
     http://download.fedoraproject.org/pub/fedora/linux/development/31/Workstation/x86_64/iso/
     http://download.opensuse.org/repositories/GNOME:/Medias/images/iso/?P=GNOME_Next*

    To try the very latest developments in GNOME, you can also use Fedora Silverblue, whose rawhide branch always includes the latest GNOME packages.

     https://kojipkgs.fedoraproject.org/compose/rawhide/latest-Fedora-Rawhide/compose/Silverblue/x86_64/iso/

    If you are interested in building applications for GNOME 3.34, you can use the GNOME 3.34 Flatpak SDK, which is available in the sdk.gnome.org repository.

    This six-month effort wouldn't have been possible without the whole GNOME community, made of contributors and friends from all around the world: developers, designers, documentation writers, usability and accessibility specialists, translators, maintainers, students, system administrators, companies, artists, testers and last, but not least, our users.

    GNOME would not exist without all of you. Thank you to everyone!

    Our next release, GNOME 3.36, is planned for March 2020. Until then, enjoy GNOME 3.34!

     the GNOME Release Team

  • GNOME 3.34 Released With Its Many Performance Improvements & Better Wayland Support

    Red Hat developer Matthias Clasen has just announced the release of GNOME 3.34 as this widely anticipated update to the GNOME 3 desktop environment. Making GNOME 3.34 particularly exciting is the plethora of optimizations/fixes in tow with this six-month update. Equally exciting are a ton of improvements and additions around the Wayland support to ensure its performance and feature parity to X11. GNOME 3.34 also brings other improvements like sandboxed browsing with Epiphany, GNOME Music enhancements, GNOME Software improvements, and a ton of other refinements throughout GNOME Shell, Mutter, and the many GNOME applications.

  • GNOME 3.34 Desktop Environment Officially Released, Here's What's New

    The GNOME Project announced today the release and general availability of the highly anticipated GNOME 3.34 desktop environment for Linux-based operating systems. GNOME 3.34 is dubbed "Thessaloniki" after the host city of the GUADEC (GNOME User and Developer European Conference) 2019 event and it's a major release that adds numerous new features and improvements. It's been in development over the past six months and comes as a drop-in replacement for the GNOME 3.32 "Taipei" desktop environment series with many new features. "The latest version of GNOME 3 has been released today. Version 3.34 contains six months of work by the GNOME community and includes many improvements, performance improvements and new features," reads today's announcement. "Highlights from this release include visual refreshes for a number of applications, including the desktop itself. The background selection settings also received a redesign, making it easier to select custom backgrounds."

  • GNOME 3.34 Released with “Drastically Improved” Responsiveness

    And it’s here; the new GNOME 3.34 release is now officially available, six months after development first began. And the biggest change on offer in GNOME 3.34 isn’t one you can see, but it is one you can feel: speed. Now, yes: each new release of this particular desktop environment comes carrying claims of “faster” or “better performance”. And those claims don’t always feel accurate.

Graphics: NVIDIA, Mesa and AMD

  • NVIDIA 430.50 Linux Driver Brings Color Fix For Pre-Turing GPUs

    While the NVIDIA 435 series is now stable, for those sticking to the previous NVIDIA 430 driver series that is their current "long-lived" driver branch, a new version is available. NVIDIA 430.50 was released on Wednesday as the latest Linux driver release in this driver series supported for an extended period of time. The only listed change for the NVIDIA 430.50 Linux driver is fixing the display color range handling for pre-Turing GPUs. When limiting the color range via the NVIDIA-Settings GUI, the output pixel values will now be properly clamped to the CTA range.

  • Mesa 19.2-RC3 Released While Final Release Expected Around Month's End

    The third release candidate of the belated Mesa 19.2 is now available while a fourth and likely final RC is expected next week while the stable release of this quarterly Mesa3D update should be out at month's end. Mesa 19.2-RC3 back-ports the new support for DriConf in Intel's Vulkan driver (for a workaround with GfxBench), various NIR fixes, a GLX segmentation fault is fixed, a few RADV and RadeonSI fixes (including Navi/GFX10 fixes for RadeonSI), and the Intel glthread crash fix for KDE's KWin.

  • AMDGPU Driver Looking To Re-Enable Performance-Boosting "Bulk Moves" Functionality

    AMD developers are looking at finally re-enabling the LRU bulk moves functionality in their AMDGPU Linux kernel graphics driver that has the ability to help with performance. The LRU bulk moves patches were posted back in August of 2018 with the ability to help improve OpenCL and Vulkan performance for Radeon graphics. But prior to the release of the Linux 5.0 kernel that functionality was disabled for bugs.

today's leftovers

  • Ubuntu’s New Look: Are You a Fan? [Poll]

    As mentioned in yesterday’s news report, Ubuntu’s community design team have elected to change the look of Ubuntu. The dark header bars used in the “current” Yaru GTK theme (Ubuntu 19.04) have been replaced by lighter, greyer (though apparently bluer) ones. The new lighter header bars are said to be in keeping with the upstream Adwaita GTK theme (on which Yaru is based). Additionally, the lighter look is said to resolve and address a number of usability issues resulting from the “mixed” theme set-up.

  • Fairphone 3 Gets a Perfect 10 in iFixit Repairability Score

    ...Launched just a few weeks ago, Fairphone 3 is a socially responsible phone that aims to be modular, easy to repair...

  • Raspberry Pi clone sports 1.84GHz Intel Cherry Trail processor

    Radxa has posted specs for a new member of its community backed “Rock Pi” Raspberry Pi lookalike SBC family, this time with an Intel Cherry Trail Atom x5-Z8300, USB 3.0, MicroSD, HDMI, eDP/MIPI, and GbE, plus optional WiFi and Bluetooth 4.2 LE. In June, Radxa unveiled its Rock Pi S SBC that runs Linux on a RK3308 and updated its RK3399-based Rock Pi 4 with extra memory. Now, Radxa is preparing to add to that family of Raspberry Pi pseudo clones with an SBC called Rock Pi X, based on the Intel “Cherry Trail” Atom x5-Z8300. We learned about the new board from our friends at Hackerboards, who added the Rock Pi X to its database yesterday.

  • Which Compression Format to Use for Archiving

    The last criterion is the most important; the format has to be resilient. It has to expect that damage will happen, and have a strategy for dealing with that damage, or at least work around it.

  • Announcing Linux Autumn 2019

    Summer is not yet over (in my climate zone) but it’s time to think about the autumn. Yes, I mean the Linux Autumn, the annual Polish conference of Linux and free software enthusiasts organized by PLUG. I wrote about this event many times in the past, I don’t want to make you bored by the same things again. This year we hope to invite more foreign guests and make the conference more international, possibly with one day full of English talks. [...] Remember that the conference is paid for attendees. The money is spent to pay for the accommodation and food for everyone. Why do I ever write in the article for Fedora Planet about a paid and not strictly Fedora-oriented event? First of all, the participation (including accommodation and food) is fully refunded for speakers. I’m not encouraging you to attend a paid event, although if you want you are most welcome. I’m encouraging you to give your talks and participate in a three-day-long event for free. Second, this is a Linux event and Fedora is still a Linux distribution. Third, as we all know, many Fedora contributors live and work in the Czech Republic, especially in Brno, and this event is organized in Poland just across the Czech border. It cannot be closer.

