All posts by daroc

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/993778/

Security updates have been issued by AlmaLinux (.NET 6.0, .NET 8.0, and openssl), Debian (firefox-esr), Fedora (firefox), Mageia (php, quictls, and vim), Red Hat (buildah, container-tools:rhel8, containernetworking-plugins, firefox, podman, skopeo, and tomcat), Slackware (mozilla), SUSE (apache-commons-io, kernel, and xen), and Ubuntu (golang-1.17, libgsf, and linux-aws-6.8, linux-oracle-6.8).

[$] Improving bindgen for the kernel

Post Syndicated from daroc original https://lwn.net/Articles/992693/


Bindgen is a widely used tool that automatically generates Rust bindings from C headers. The Rust-for-Linux project uses it to create some of the bindings between Rust code and the rest of the kernel. John Baublitz presented at Kangrejos about the improvements that he has made to the tool in order to make the generated bindings easier to use, including improved support for macros, bitfields, and enums.

Julia v1.11.0 has been released

Post Syndicated from daroc original https://lwn.net/Articles/993436/

The Julia project has released version 1.11.0. A separate blog post covers some of the highlights. The release includes a number of helpful features.

In previous Julia versions, there was no “programmatic way” of knowing if an unexported name was considered part of the public API or not. Instead, the guideline was basically that if it was not in the manual then it was not public which was a bit underwhelming. To remedy that, there is now a public keyword in Julia that can be used to indicate that an unexported name is part of the public API.

Akamai finds many systems with exposed CUPS vulnerability

Post Syndicated from daroc original https://lwn.net/Articles/993044/

Akamai released a report pointing out that the recently-reported CUPS vulnerability (original disclosure) could be used to drive distributed denial-of-service (DDoS) attacks as well. Even if an attacker cannot gain remote control over a computer, they can still cause it to fetch a URL of their choice — potentially getting free DDoS amplification.

The Akamai Security Intelligence and Response Team (SIRT) found that more than 198,000 devices are vulnerable to this attack vector and are accessible on the public internet; roughly 34% of those could be used for DDoS abuse (58,000+).

[$] Smart pointers for the kernel

Post Syndicated from daroc original https://lwn.net/Articles/992055/

Rust has a plethora of smart-pointer types, including reference-counted pointers, which have special support in the compiler to make them easier to use. The Rust-for-Linux project would like to reap those same benefits for its smart pointers, which need to be written by hand to conform to the Linux kernel memory model. Xiangfei Ding presented at Kangrejos about the work to enable custom smart pointers to function the same as built-in smart pointers.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/992936/

Security updates have been issued by AlmaLinux (firefox, golang, linux-firmware, and thunderbird), Debian (kernel and zabbix), Fedora (firefox, pgadmin4, and php), Mageia (chromium-browser-stable, cjson, hostapd and wpa_supplicant, and openjpeg2), Oracle (firefox, flatpak, and go-toolset:ol8), Red Hat (cups-filters, firefox, grafana, linux-firmware, python3, python3.11, and python3.9), SUSE (expat, firefox, libpcap, and opensc), and Ubuntu (freeradius, imagemagick, and unzip).

[$] BTF, Rust, and the kernel toolchain

Post Syndicated from daroc original https://lwn.net/Articles/991719/


BPF Type Format (BTF), BPF’s debugging information format, has undergone rapid evolution to match the evolving needs of BPF programs. José Marchesi spoke at Kangrejos about some of that work — and how it could impact Rust, specifically. He discussed debug information, kernel-specific relocations, and the planned changes to kernel stack unwinding. Each of these will require some amount of work to fully support in Rust, but preliminary signs look promising.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/992030/

Security updates have been issued by Debian (chromium and trafficserver), Fedora (chromium), Mageia (apache-mod_jk, gnome-shell, kernel, kmod-xtables-addons, and kmod-virtualbox, kernel-linus, and python3), Oracle (container-tools:ol8, dovecot, emacs, expat, firefox, git-lfs, gtk3, kernel, nano, net-snmp, osbuild-composer, python3, python3.11, python3.12, ruby:3.3, and virt:ol and virt-devel:rhel), Slackware (boost), SUSE (kernel), and Ubuntu (configobj, cups, cups-browsed, cups-filters, libcupsfilters, and libppd).

Remote exploit of CUPS

Post Syndicated from daroc original https://lwn.net/Articles/991929/

Security researcher Simone Margaritelli has reported a new vulnerability in CUPS, the software that many Linux systems use to manage printers and print jobs. Margaritelli describes the impact of the attack by saying:

A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).

The vulnerability relies on a few related problems in CUPS libraries and utilities; versions before 2.0.1 or 2.1b1 (depending on the component) may be affected.

Red Hat has released a security bulletin as well.

[$] Getting PCI driver abstractions upstream

Post Syndicated from daroc original https://lwn.net/Articles/990918/

Danilo Krummrich gave a talk at Kangrejos 2024 focusing on the question of how the Rust-for-Linux project could improve at getting device and driver abstractions upstream. As a case study, he used some of his recent work that attempts to make it possible to write a PCI driver entirely in Rust. There wasn’t time to go into as much detail as he would have liked, but he did demonstrate that it is possible to interface with the kernel’s module loader in a way that is much harder to screw up than the current standard approach in C.

[$] What the Nova GPU driver needs

Post Syndicated from daroc original https://lwn.net/Articles/990736/

In March, Danilo Krummrich announced the new Nova GPU driver — a successor to Nouveau for controlling NVIDIA GPUs. At Kangrejos 2024, Krummrich gave a presentation about what it is, why it’s needed, and where it’s going next. Hearing about the needs of the driver provoked extended discussion on related topics, including what level of safety is reasonable to expect from drivers, given that they must interact with the hardware.

[$] Resources for learning Rust for kernel development

Post Syndicated from daroc original https://lwn.net/Articles/990619/

Dirk Behme led a second session, back-to-back with his session on error handling at Kangrejos 2024, discussing providing better guidance for users of the kernel’s Rust abstractions. Just after that, Carlos Bilbao and Miguel Ojeda had their own time slot dedicated to collecting resources that could be of use to someone trying to come up to speed on kernel development in Rust. The attendees provided a lot of guidance in both sessions, and discussed what they could do to make things easier for people coming from non-Rust backgrounds.

OpenSSH 9.9 released

Post Syndicated from daroc original https://lwn.net/Articles/991028/

The OpenSSH project has released version 9.9. This version includes support for the new post-quantum cryptography standard from NIST. The release also includes the next step in the deprecation of DSA keys — they are now disabled by default at compile time, and are expected to be removed entirely in early 2025. The release also contains the normal mixture of bug fixes and small usability improvements.

Security updates for Friday

Post Syndicated from daroc original https://lwn.net/Articles/991027/

Security updates have been issued by Debian (chromium), Fedora (bluez, chromium, frr, iwd, libell, python3.11, python3.8, python3.9, and ruby), Mageia (kernel, kmod-xtables-addons, and kmod-virtualbox and kernel-linus), Red Hat (kernel), SUSE (kernel, kubernetes1.23, kubernetes1.24, kubernetes1.25, libmfx, and python-azure-identity), and Ubuntu (emacs, emacs24, emacs25, libreoffice, postgresql-9.5, python2.7, python3.5, and tgt).

[$] Best practices for error handling in kernel Rust

Post Syndicated from daroc original https://lwn.net/Articles/990489/

Dirk Behme led a session discussing the use of Rust’s question-mark operator in the kernel at Kangrejos 2024. He was particularly concerned with the concept of “silent” errors that don’t print any messages to the console. Other attendees were less convinced that this was a problem, but his presentation sparked a lot of discussion about whether the Rust-for-Linux project could improve error handling in kernel Rust code.

[$] A discussion of Rust safety documentation

Post Syndicated from daroc original https://lwn.net/Articles/990273/


Kangrejos 2024 started off with a talk from Benno Lossin about his recent work to establish a standard for safety documentation in Rust kernel code. Lossin began his talk by giving a brief review of what safety documentation is, and why it’s needed, before moving on to the current status of his work. Safety documentation is easier to read and write when there’s a shared vocabulary for discussing common requirements; Lossin wants to establish that shared vocabulary for Rust code in the Linux kernel.

Security proof for Linux’s random number generator

Post Syndicated from daroc original https://lwn.net/Articles/990596/

Four researchers have published a formal proof that Linux’s new deterministic random bit generator (DRBG) is secure in a particular sense — specifically, that the number of queries that would need to be made to it to uncover its internal state depends on the quality of the entropy it can collect from different sources. As long as it can gather enough entropy, it produces secure random numbers.

Since the significant structural changes in Linux 4 and Linux 5.17, there has been no research on the provable security of Linux-DRBG. For the first time (to the best of our knowledge), we formally model the Linux-DRBG in Linux 6.4.8 and prove its security in the seedless robustness model

Thanks to Jason Donenfeld for bringing the paper to our attention.