Zack's Kernel News

Kernel News

Article from Issue 237/2020

Author(s): Zack Brown

Zack covers: When a Security Hole Is OK; Kernel Documentation Updates; and Security Through Obscurity

When a Security Hole Is OK

Eric W. Biederman recently posted a patch to replace a 32-bit counter with a 64-bit counter. This would fix the problem that, as he put it, "With care an attacker can cause exec_id wrap and send arbitrary signals to a newly exec'd parent."

He added that he had tested this hole and found that he could wrap the 32-bit exec_id and exploit the problem in two weeks. Faster systems, of course, could do it more quickly.

However, Eric did acknowledge that on 32-bit CPUs, "reading self_exec_id is no longer atomic and can take two read instructions." This meant that on 32-bit systems there would be a microscopic window of time when the actual self_exec_id value would not match the value being read by the code. During that time, he said, this security hole remained exploitable.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES

Print Issues

Digital Issues

SUBSCRIPTIONS

Print Subs

Digisubs

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia

Read full article as PDF:

Price $2.95

News

LibreOffice 7 Now Available

LibreOffice , libreoffice

The LibreOffice 7 office suite is now available with important compatibility improvements.
Microsoft Brings procmon to Linux

The creators of Windows have brought the sysinternals procmon tool to the open source operating system.
New KDE Slimbook Available

The makers of the KDE Slimbook have released a Ryzen-4000 powered laptop.
PinePhone Now Offers a Convergence Package

The makers of the Linux PinePhone are now offering a model that makes desktop/mobile convergence a reality.
Flutter is Coming to Linux

Community

Google and Canonical have joined forces to bring Flutter to the Linux desktop.
Purism Launches a Mini PC

Hardware , laptop

The makers of the Librem line of Linux-based laptops have released a mini PC.
openSUSE Leap 15.2 Adds AI Machine Learning

Opensuse

With the new release of openSUSE Leap comes some exciting new features, including machine learning.
Google’s Nearby Sharing Could Work with Linux

Google’s answer to Apple’s AirDrop feature is rumored to work with the Linux desktop.
System76 Launches Ryzen-Powered Laptop

laptop , Linux

The new System76 Serval WS includes a powerful AMD Ryzen CPU.
Linux Mint Drops Snap

Linux Mint has officially dropped their support for Canonical’s snap packages.

Zack's Kernel News

Kernel News

When a Security Hole Is OK

Buy this article as PDF

Buy Linux Magazine

Related content

Visit Our Shop

Direct Download

Read full article as PDF:

News

LibreOffice 7 Now Available

Microsoft Brings procmon to Linux

New KDE Slimbook Available

PinePhone Now Offers a Convergence Package

Flutter is Coming to Linux

Purism Launches a Mini PC

openSUSE Leap 15.2 Adds AI Machine Learning

Google’s Nearby Sharing Could Work with Linux

System76 Launches Ryzen-Powered Laptop

Linux Mint Drops Snap

Zack's Kernel News

Kernel News

When a Security Hole Is OK

Buy this article as PDF

Buy Linux Magazine

Related content

Visit Our Shop

Direct Download

Read full article as PDF:

News

Tag Cloud