
Security Leftovers

Filed under
Security
  • Authorization Basics

    In this article, we explained what authorization is and how it differs from authentication. We gave examples for authorization processes and explained the two different access control models: capability-based access control and access control lists.

    The Linux/UNIX file permissions were used to show an example of how ACLs could be used. Note that, although Linux/UNIX file permissions are a type of ACL, they are not to be confused with POSIX ACLs, which are also available on Linux platforms. See acl(5) in the man pages for more information.

    We learned that authorization is used to determine what actions a subject is allowed to perform on an object. Besides the examples from this article, other methods can be used to implement access control, including Discretionary Access Control (DAC), Mandatory Access Control (MAC) or Role-Based Access Control (RBAC), to name the most common ones.
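The two models the excerpt contrasts, written out as code. This is an added worked example, not code from the article: the subjects, file metadata, object names and modes are constructed sample data, and `Subject`, `FileMeta`, `check_mode_bits` and `CapabilityMonitor` are names chosen here. The ACL half evaluates Linux mode bits the way the kernel's discretionary check does for an unprivileged process (owner class if you are the owner, otherwise group class if the file's group is one of yours, otherwise other; exactly one class is consulted, never a union), which is the detail that trips people up on modes such as 0077. The capability half uses an unforgeable random token as the authority.

```python
"""Added worked example (not from the article): ACL vs capability access control.

  * ACL model: the object carries the policy. Linux mode bits are the example,
    evaluated as the kernel's DAC check does it: the owner class applies if you
    are the owner, else the group class if the file's group is one of yours,
    else the other class. Only the first matching class is consulted.
  * Capability model: the subject carries the policy as an unforgeable token
    naming an object and a set of rights; the monitor checks the token, not
    the caller's identity.

All uids, gids, modes and object names are constructed sample data.
"""
from dataclasses import dataclass
import secrets

READ, WRITE, EXEC = 4, 2, 1


@dataclass(frozen=True)
class Subject:
    uid: int
    gids: frozenset          # effective gid plus supplementary groups


@dataclass(frozen=True)
class FileMeta:
    owner_uid: int
    owner_gid: int
    mode: int                # permission bits only, e.g. 0o640


def check_mode_bits(subj: Subject, f: FileMeta, want: int) -> bool:
    """Linux-style DAC check for a subject without CAP_DAC_OVERRIDE."""
    if subj.uid == f.owner_uid:
        cls = (f.mode >> 6) & 7     # owner class, even if it grants less
    elif f.owner_gid in subj.gids:
        cls = (f.mode >> 3) & 7     # group class
    else:
        cls = f.mode & 7            # other class
    return cls & want == want


@dataclass(frozen=True)
class Capability:
    token: bytes             # random, so it cannot be guessed or forged
    obj: str
    rights: int


class CapabilityMonitor:
    """Holds the table of live tokens. Possession of a valid token is the
    authorization, so delegation and revocation are operations on tokens."""

    def __init__(self) -> None:
        self._live: dict[bytes, tuple[str, int]] = {}

    def grant(self, obj: str, rights: int) -> Capability:
        tok = secrets.token_bytes(16)
        self._live[tok] = (obj, rights)
        return Capability(tok, obj, rights)

    def delegate(self, cap: Capability, rights: int) -> Capability:
        """A holder may pass on a subset of its rights (attenuation), never more.
        The child gets its own token, so revoking the parent does not revoke it;
        real designs add indirection when they need cascading revocation."""
        if not self.check(cap, cap.obj, rights):
            raise PermissionError("cannot delegate rights you do not hold")
        return self.grant(cap.obj, rights)

    def revoke(self, cap: Capability) -> None:
        self._live.pop(cap.token, None)

    def check(self, cap: Capability, obj: str, want: int) -> bool:
        entry = self._live.get(cap.token)
        # A Capability built with a made-up token fails here: not in the table.
        return entry is not None and entry[0] == obj and entry[1] & want == want
```

For a real file, `stat.S_IMODE(os.stat(path).st_mode)` yields the bits to feed into `check_mode_bits`. Two things the toy deliberately leaves out: a process with CAP_DAC_OVERRIDE (root) bypasses the read/write bits, and POSIX ACLs from acl(5) add named user and group entries plus a mask entry, with their own evaluation order, so `getfacl` output must be consulted when those are in use.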

  • Security updates for Wednesday

    Security updates have been issued by Arch Linux (ant, code, dino, firefox-ublock-origin, go, libuv, nextcloud-app-mail, nodejs-lts-erbium, nodejs-lts-fermium, openvswitch, putty, racket, telegram-desktop, and wireshark-cli), Debian (kernel, linux-4.19, and systemd), Fedora (kernel, kernel-headers, kernel-tools, and krb5), Gentoo (systemd), Mageia (perl-Convert-ASN1 and wireshark), openSUSE (caribou, containerd, crmsh, fossil, icinga2, kernel, nextcloud, and systemd), Red Hat (389-ds:1.4, glibc, java-1.8.0-openjdk, java-11-openjdk, kernel, kernel-rt, kpatch-patch, libldb, perl, RHV-H, rpm, shim and fwupd, and systemd), Slackware (kernel), SUSE (caribou, containerd, crmsh, curl, dbus-1, kernel, qemu, and systemd), and Ubuntu (binutils, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe, linux-lts-xenial, linux-kvm, linux-oracle, linux-raspi, linux-raspi2-5.3, linux-oem-5.10, nvidia-graphics-drivers-390, nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450-server, nvidia-graphics-drivers-460, nvidia-graphics-drivers-460-server, nvidia-graphics-drivers-470, and systemd).

  • NVIDIA announce new security issues, make sure you have updated drivers

    Here we are again. NVIDIA has today sent out a security bulletin to inform users on Linux and Windows to ensure your GPU drivers are up to date due to freshly revealed security problems.

    The issues can result in information disclosure, data tampering, and denial of service. As always, even if you think you're not vulnerable for whatever reason, upgrading is highly recommended now.

  • Defending Against Spyware Like Pegasus

    This has been a busy week for security news, but perhaps the most significant security and privacy story to break this week (if not this year), is about how NSO Group’s Pegasus spyware has been used by a number of governments to infect and spy on journalists and activists and even heads of state by sending an invisible, silent attack to their iPhone that requires no user interaction. This attack works even on new, fully-patched phones, and once the phone is compromised, the attacker has full remote control over the phone including access to the file system, location, and microphone and cameras.

    What’s particularly scary about spyware in general, and is true for Pegasus as well, is that victims have no indication they’ve been compromised. Due to how locked down the iPhone is from the end user, detecting Pegasus in particular requires expert forensics techniques. This has left many at-risk iPhone users wondering whether they too are compromised and if so, what do they do?

More in Tux Machines

pgAdmin 4 v6.1 Released

The pgAdmin Development Team is pleased to announce pgAdmin 4 version 6.1. This release of pgAdmin 4 includes 30 bug fixes and new features. For more details please see the release notes. pgAdmin is the leading Open Source graphical management tool for PostgreSQL. For more information, please see the website. Also: pgexporter 0.2.0

today's leftovers

  • GPL Had Better be a Contract

    Software Freedom Conservancy announced today that they are suing Vizio, which makes TVs, for violations of GPLv2 and LGPLv2.1. Their website has a copy of a signed complaint, the legal document you file with a court to get a lawsuit started.

    Upshot: It looks like SFC’s suing for breach of contract. They’re claiming explicitly that GPLv2 and LGPLv2.1 are contracts, that Vizio breached those contracts, and that they should be held accountable under contract law.

    The main remedy SFC requests—the thing they’re asking the court to do for them—is to order Vizio to give them full corresponding source code, as agreed under GPLv2 and LGPLv2.1. That’s called “specific performance”. It’s a remedy under contract law. Not property law or intellectual property law, like copyright law.

  • Open access switch picks up pace in Australia and New Zealand

    Australian and New Zealand universities have notched up open access deals with two major academic publishers inside a week after Springer Nature unveiled a “transformative agreement” with the Council of Australian University Librarians (Caul).

    The three-year “read and publish” arrangement covers the article processing charges that authors normally pay to move their work in front of paywalls. Researchers will be able to make their articles freely accessible if they are accepted for publication in more than 2,000 journals, provided that their universities subscribe to those journals.

  • OK Lenovo, we need to talk!

    I’ve been wanting to publicly comment on Lenovo’s statement on Linux support for a while, as there’s much to say about it, and my failing attempt at finding a suitable replacement for my venerable T510 gave me an excuse to document my love-hate relationship with Lenovo all at once.

    This is of course my own personal views and ideas, and does not reflect the Haiku project’s position on the topic, nor that of Haiku, Inc. But I feel they deserve to be brought here due to history and the direct and indirect effect it might have had on the project, including previous failed attempts at commercial applications using it.

    While Lenovo is still above many other manufacturers on some aspects, and in other domains, well, nobody does any better anyway, they purport to perpetuate the IBM legacy, so I think (sic) they should be held up to the standard they claim to follow. Yet the discussion about repair and documentation pertains to almost every vendor.

  • sh(1): make it the default shell for the root user

    This change also simplifies making tiny FreeBSD images with only sh(1) as a shell.

  • #13 It begins…

    Update on what happened across the GNOME project in the week from October 01 to October 08.

  • CUDA-Python Reaches "GA" With NVIDIA CUDA 11.5 Release, __int128 Preview

    NVIDIA has made available CUDA 11.5 today as the latest version of their popular but proprietary compute stack/platform. Notable with CUDA 11.5 is that CUDA-Python has reached general availability status. NVIDIA CUDA 11.5 was posted today along with updated device drivers for Windows and Linux systems. Some of the CUDA 11.5 highlights include:

  • AMD GPU Driver Looks To Make Use Of Intel's New Buddy Allocator Code In The Linux Kernel - Phoronix

    Thanks to the nature of open-source, AMD engineers for the "AMDGPU" kernel graphics driver are looking to make use of Intel's new i915 buddy allocator code they introduced as part of all their video memory management changes as part of their discrete graphics bring-up. As part of Intel's bring-up of device local memory support for their dedicated GPU enablement and adding the notion of memory regions and other changes, they added a buddy allocator implementation for allocating video memory. This is an implementation of the well known buddy system for dividing memory into equal parts (buddies) and continuing equal splitting until able to satisfy the memory request.
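The buddy system described in the excerpt, as an added toy implementation in Python. It is not the i915 or amdgpu code and shares no identifiers with it; the region size and the allocation sequence in the usage are constructed. It shows the two halves the paragraph alludes to: splitting a larger free block in half until a block of the rounded-up size exists, and, on free, merging a block with its buddy (the block at address XOR size) while that buddy is also free. Freeing an address that is not currently allocated raises, which is the check a real allocator needs to catch double frees.

```python
"""Added toy buddy allocator (not the kernel's code). Units are abstract
pages; the region is 2**max_order units starting at address 0."""


class BuddyAllocator:
    def __init__(self, max_order: int) -> None:
        self.max_order = max_order
        # free[o] is the set of free block addresses of size 2**o units
        self.free = {o: set() for o in range(max_order + 1)}
        self.free[max_order].add(0)
        self.allocated = {}          # addr -> order of the live block

    @staticmethod
    def order_for(size: int) -> int:
        """Smallest o with 2**o >= size (size rounded up to a power of two)."""
        if size <= 0:
            raise ValueError("size must be positive")
        return (size - 1).bit_length()

    def alloc(self, size: int) -> int:
        want = self.order_for(size)
        if want > self.max_order:
            raise MemoryError("request larger than the whole region")
        # find the smallest free block that is at least as large as wanted
        o = want
        while o <= self.max_order and not self.free[o]:
            o += 1
        if o > self.max_order:
            raise MemoryError("out of memory")
        addr = min(self.free[o])
        self.free[o].remove(addr)
        # split in half until the block is exactly the wanted size; the upper
        # half of each split is the buddy and goes back on its free list
        while o > want:
            o -= 1
            self.free[o].add(addr + (1 << o))
        self.allocated[addr] = want
        return addr

    def free_block(self, addr: int) -> None:
        order = self.allocated.pop(addr)   # KeyError: not allocated / double free
        # coalesce upward while the buddy (addr XOR size) is free too
        while order < self.max_order:
            buddy = addr ^ (1 << order)
            if buddy not in self.free[order]:
                break
            self.free[order].remove(buddy)
            addr = min(addr, buddy)
            order += 1
        self.free[order].add(addr)

    def free_units(self) -> int:
        return sum(len(blocks) << o for o, blocks in self.free.items())


if __name__ == "__main__":
    # constructed usage: a 16-unit region
    b = BuddyAllocator(4)
    a = b.alloc(3)           # rounds up to 4 units, splits 16 -> 8 -> 4
    c = b.alloc(1)           # 1 unit, splits the free 4 -> 2 -> 1
    b.free_block(c)          # coalesces 1+1 -> 2, 2+2 -> 4
    b.free_block(a)          # coalesces 4+4 -> 8, 8+8 -> 16
    print("free units after everything is returned:", b.free_units())
```

The rounding step is where the buddy system pays for its simplicity: a 3-unit request occupies 4 units, so internal fragmentation is up to one half of every block, which is why the kernel pairs buddy allocation with slab-style allocators for small objects.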

Programming Leftovers

  • Ruby Lands "YJIT" As A Speedy, In-Process JIT Compiler - Phoronix

    YJIT is a JIT compiler for Ruby that leverages the lazy Basic Block Versioning (LBBV) architecture. YJIT has been in the works for a number of years. Most exciting for end-users and developers is that YJIT yields an average speed-up of around 23% compared to the current CRuby interpreter for realistic benchmarks.

  • Release: rebuilderd v0.15.0

    rebuilderd 0.15.0 was very recently released; this is a short intro into what it is, how it works and how to build your own integrations!

  • Eclipse OpenJ9 0.29 Released With Full AArch64 Linux Support, More Mature JITServer Tech

    The newest feature release of Eclipse OpenJ9, the high-performance Java Virtual Machine originating from IBM J9, is now available. Eclipse OpenJ9 v0.29 was released today, one day after the GraalVM 21.3 release and one month after the OpenJDK 17 debut. But in the case of OpenJ9 v0.29 it continues to target just OpenJDK 8 and OpenJDK 11.
