date 2014-07-22

We delivered many benchmarks of Clang 10.0 on various CPUs following that updated LLVM compiler stack release earlier this year. With GCC 10 released earlier this month, we have begun our benchmarking of this annual feature release to the GNU Compiler Collection. First up is a look at the GCC 9 vs. GCC 10 vs. LLVM Clang 10 compiler performance on AMD Zen 2 and Intel Cascade Lake systems. This initial round of benchmarking for GCC 10 vs. Clang 10 is looking at the release builds of each plus GCC 9.3 when testing on AMD Ryzen Threadripper 3990X and Intel Core i9 10980XE workstations. The Threadripper 3990X is running out of the System76 Thelio Major. Both systems were running Ubuntu 20.04 LTS with the Linux 5.4 kernel and all the compilers were built in the same release-mode manner. There are RAM/SSD differences between the systems, as the intent is not to compare AMD vs. Intel performance but rather to look at how these LLVM Clang and GCC compilers perform across multiple CPU families. Additional CPU benchmarks will be forthcoming with these compilers.

Two kernel updates are available for the Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04.6 LTS (Xenial Xerus) operating system series running the Linux 4.15 LTS kernel series, as well as Ubuntu 16.04 LTS systems running the Linux 4.4 LTS kernel series. Two issues are common to both the Linux 4.15 and 4.4 kernel series: a flaw (CVE-2020-11494) discovered in the Serial CAN interface driver that could allow a local attacker to expose sensitive information (kernel memory), and a vulnerability (CVE-2020-11565) that could let a local attacker who is able to specify mount options for the tmpfs virtual memory file system crash the system, causing a denial of service.

Security Leftovers

Security updates for Tuesday

Security updates have been issued by Debian (dpdk and exim4), Fedora (openconnect, perl-Mojolicious, and php), Red Hat (kernel and kpatch-patch), Slackware (sane), and Ubuntu (bind9, dpdk, exim4, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-snapdragon, and linux, linux-aws, linux-lts-xenial, linux-raspi2, linux-snapdragon).

Security Expert Tadayoshi Kohno Joins EFF Advisory Board

EFF is proud to announce a new addition to our crack advisory board: security expert and scholar Tadayoshi Kohno. A professor at University of Washington’s Paul G. Allen School of Computer Science & Engineering, Kohno is a researcher whose work focuses on identifying and fixing security flaws in emerging technologies, the Internet, and the cloud.

Kohno examines and tests software and networks with the goal of developing solutions to security and privacy risks before those risks become a threat. His research focuses on helping protect the security, privacy, and safety of users of current and future generation technologies.

Kohno has revealed security flaws in electronic voting machines, implantable cardiac defibrillators and pacemakers, and automobiles. He recently studied flaws in augmented reality (AR) apps, and last year co-developed a tool for developers to build secure multi-user AR platforms. A 2019 report he co-authored about the genealogy site GEDmatch, used to find the Golden State Killer, showed vulnerabilities to multiple security risks that could allow bad actors to create fake genetic profiles and falsely appear as a relative to people in the GEDmatch database.

Kohno has spent the last 20 years working to raise awareness about computer security among students, industry leaders, and policy makers. He is the recipient of an Alfred P. Sloan Research Fellowship, a U.S. National Science Foundation CAREER Award, and a Technology Review TR-35 Young Innovator Award. He has presented his research to the U.S. House of Representatives, and had his research profiled in the NOVA ScienceNOW “Can Science Stop Crime?” documentary and the NOVA “CyberWar Threat” documentary. Kohno received his Ph.D. from the University of California at San Diego, where he earned the department’s Doctoral Dissertation Award.

We’re thrilled that Kohno has joined EFF’s advisory board.

Why you should be using Multi-Category Security for your Linux containers

In our last post, we discussed SELinux and how it can be used to improve container security. We also looked at the Multi-Level Security (MLS) and Multi-Category Security (MCS) models. In this post, we'll compare those models and explain why we believe MCS to be a better approach to container security. We often describe SELinux policy for containers as "what happens in Vegas stays in Vegas." What we mean by this is that we use SELinux to keep the processes inside of the container file system. If somehow they break out of container confinement, SELinux can prevent them from reading and writing other content on the host's file systems. SELinux has been proven to block container breakouts based on file system attacks. The goal of MLS is similar in that it allows the processes running in the same sensitivity level to read/write all of the content at the same level.