All posts by corbet

Ryabitsev: Tracking kernel development with korgalore

Post Syndicated from corbet original https://lwn.net/Articles/1055219/

Konstantin Ryabitsev has put up a
blog post about korgalore, a tool he has written to circumvent delivery
problems experienced by kernel developers using the large, centralized
email systems.

We cannot fix email delivery, but we can sidestep it
entirely. Public-inbox archives like lore.kernel.org store all
mailing list traffic in git repositories. In its simplest
configuration, korgalore can shallow-clone these repositories
directly and upload any new messages straight to your mailbox using
the provider’s API.

Remote authentication bypass in telnetd

Post Syndicated from corbet original https://lwn.net/Articles/1055213/

One would assume that most LWN readers stopped running network-accessible
telnet services some number of decades ago. For the rest of you, this security advisory from
Simon Josefsson is worthy of note:

The telnetd server invokes /usr/bin/login (normally running as
root) passing the value of the USER environment variable received
from the client as the last parameter.

If the client supplies a carefully crafted USER environment value
being the string “-f root”, and passes the telnet(1) -a or –login
parameter to send this USER environment to the server, the client
will be automatically logged in as root bypassing normal
authentication processes.

The end of OzLabs

Post Syndicated from corbet original https://lwn.net/Articles/1055051/

OzLabs is a collection of Australian
free-software developers that was, for most of its history, associated with
IBM. Members of OzLabs have included Hugh Blemings, Michael Ellerman, Ben
Herrenschmidt, Greg Lehey, Paul Mackerras, Martin Pool, Stephen Rothwell,
Rusty Russell, and Andrew Tridgell, among others. The OzLabs “about” page notes that, as
of January 2026, the last remaining OzLabs members have departed IBM.
This brought to a close the Ozlabs association with IBM“. Thus
ends a quarter-century of development history.

(Thanks to Jon Masters).

[$] Task-level io_uring restrictions

Post Syndicated from corbet original https://lwn.net/Articles/1054225/

The io_uring
subsystem is more than an asynchronous I/O interface for Linux; it is,
for all practical purposes, an independent system-call API. It has enabled
high-performance applications, but it also brings challenges for code built
around classic, Unix-style system calls. For example, the seccomp()
sandboxing mechanism does not work with it, causing applications using
seccomp() to disable io_uring outright. Io_uring maintainer Jens
Axboe is seeking to improve that situation with a rapidly evolving patch
series adding a new restrictive mechanism to that subsystem.

A 0-click exploit chain for the Pixel 9 (Project Zero)

Post Syndicated from corbet original https://lwn.net/Articles/1054547/

The Project Zero blog has a
three-part series describing a working, zero-click exploit for
Pixel 9 devices.

Over the past few years, several AI-powered features have been
added to mobile phones that allow users to better search and
understand their messages. One effect of this change is increased
0-click attack surface, as efficient analysis often requires
message media to be decoded before the message is opened by the
user. One such feature is audio transcription. Incoming SMS and RCS
audio attachments received by Google Messages are now automatically
decoded with no user interaction. As a result, audio decoders are
now in the 0-click attack surface of most Android phones.

The blog entry does not question the wisdom of directly exposing audio
decoders to external attackers, but it does provide a lot of detail showing
how it can go wrong. The first part looks at compromising the codec; part
two extends the exploit to the kernel, and part
three looks at the implications:

It is alarming that it took 139 days for a vulnerability
exploitable in a 0-click context to get patched on any Android
device, and it took Pixel 54 days longer. The vulnerability was
public for 82 days before it was patched by Pixel.

[$] Removing a pointer dereference from slab allocations

Post Syndicated from corbet original https://lwn.net/Articles/1053870/

Al Viro does not often stray outside of the core virtual filesystem area;
when he does, it is usually worthy of note. Recently, he wandered into
memory management with this patch
series to the slab allocator and some of its users. Kernel developers
will often put considerable effort into small optimizations, but it is
still interesting to look at just how much effort has gone toward the purpose of
avoiding a single pointer dereference in some memory-allocation hot paths.

[$] READ_ONCE(), WRITE_ONCE(), but not for Rust

Post Syndicated from corbet original https://lwn.net/Articles/1053142/

The READ_ONCE() and WRITE_ONCE() macros are heavily used
within the kernel; there are nearly 8,000 call sites for
READ_ONCE(). They are key to the implementation of many lockless algorithms and can be necessary for some
types of device-memory access. So one might think that, as the
amount of Rust code in the kernel increases, there would be a place for
Rust versions of these macros as well. The truth of the matter, though, is
that the Rust community seems to want to take a different approach to
concurrent data access.

[$] GPLv2 and installation requirements

Post Syndicated from corbet original https://lwn.net/Articles/1052842/

On December 24 2025, Linus Torvalds posted a strongly
worded message celebrating a ruling in
the ongoing GPL-compliance lawsuit filed
against VIZIO by the Software Freedom Conservancy (SFC). This case and
Torvalds’s response have put a spotlight on an old debate over the extent
to which the source-code requirements of the GNU
General Public License (version 2) extend to keys and other data
needed to successfully install modified software on a device. It is worth
looking at whether this requirement exists, the subtleties in
interpretation that cloud the issue, and the extent to which, if any, the
SFC is demanding that information.

[$] LWN.net Weekly Edition for January 8, 2026

Post Syndicated from corbet original https://lwn.net/Articles/1051994/

Inside this week’s LWN.net Weekly Edition:

  • Front: What to expect in 2026; LAVD scheduler; libpathrs; Questions for the TAB; Graphite; 2025 timeline.
  • Briefs: shadow-utils 4.19.0; Android releases; IPFire 2.29-199; Manjaro 26.0; curl strcpy(); GNU ddrescue 1.30; Ruby 4.0; Partial GPL ruling; Quotes; …
  • Announcements: Newsletters, conferences, security updates, patches, and more.

Google will now only release Android source code twice a year (Android Authority)

Post Syndicated from corbet original https://lwn.net/Articles/1053061/

Android Authority reports
that Google will be reducing the frequency of releases of code to the
Android Open Source Project to only twice per year.

A spokesperson for Google offered some additional context on this
decision, stating that it helps simplify development, eliminates
the complexity of managing multiple code branches, and allows them
to deliver more stable and secure code to Android platform
developers. The spokesperson also reiterated that Google’s
commitment to AOSP is unchanged and that this new release schedule
helps the company build a more robust and secure foundation for the
Android ecosystem.

The release schedule for security patches is unchanged.

[$] Predictions for the new year

Post Syndicated from corbet original https://lwn.net/Articles/1052269/

The calendar has flipped over to 2026; a new year has begun. That means
the moment we all dread has arrived: it is time for LWN to put out a set of
lame predictions for what may happen in the coming year. Needless to say,
we do not know any more than anybody else, but that doesn’t stop us from
making authoritative-sounding pronouncements anyway.

Kernel prepatch 6.19-rc4

Post Syndicated from corbet original https://lwn.net/Articles/1052732/

The 6.19-rc4 kernel prepatch is out for
testing.

So this rc is still a bit smaller than usual, but it’s not _much_
smaller, and I think next week is likely going to be more or less
back to normal.

Which is all exactly as expected, and nothing here looks
particularly odd. I’ll make an rc8 this release just because of the
time lost to the holidays, not because it looks like we’d have any
particular issues pending (knock wood).

Kroah-Hartman: Linux kernel security work

Post Syndicated from corbet original https://lwn.net/Articles/1052607/

Greg Kroah-Hartman has written an
overview of how the kernel’s security team works.

The members of the security team contain a handful of core kernel
developers that have experience dealing with security bugs, and
represent different major subsystems of the kernel. They do this
work as individuals, and specifically can NOT tell their employer,
or anyone else, anything that is discussed on the security alias
before it is resolved. This arrangement has allowed the kernel
security team to remain independent and continue to operate across
the different governments that the members operate in, and it looks
to become the normal way project security teams work with the
advent of the European Union’s new CRA law coming into effect.

Graham: [KDE] Highlights from 2025

Post Syndicated from corbet original https://lwn.net/Articles/1052241/

Nate Graham looks
back at how 2025 went for the KDE project.

Today Plasma is the default desktop environment in a bunch of the
hottest new gaming-focused distros, including Bazzite, CachyOS,
Garuda, Nobara, and of course SteamOS on Valve’s gaming
devices. Fedora’s Plasma edition was also promoted to co-equal
status with the GNOME edition, and Asahi Linux — the single
practical option for Linux on newer Macs — only supports KDE
Plasma. Parrot Linux recently switched to Plasma by default,
too. And Plasma remains the default on old standbys like
EndeavourOS, Manjaro, NixOS, OpenMandriva, Slackware and TuxedoOS —
which ships on all devices sold by Tuxedo Computers!