LWN.net

Ars Technica is reporting on a flaw in the RSA library developed by Infineon that drastically reduces the amount of work needed to discover a private key from its corresponding public key. This flaw, dubbed "ROCA", mainly affects key pairs that have been generated on keycards. "While all keys generated with the library are much weaker than they should be, it's not currently practical to factorize all of them. For example, 3072-bit and 4096-bit keys aren't practically factorable. But oddly enough, the theoretically stronger, longer 4096-bit key is much weaker than the 3072-bit key and may fall within the reach of a practical (although costly) factorization if the researchers' method improves.To spare time and cost, attackers can first test a public key to see if it's vulnerable to the attack. The test is inexpensive, requires less than 1 millisecond, and its creators believe it produces practically zero false positives and zero false negatives. The fingerprinting allows attackers to expend effort only on keys that are practically factorizable. The researchers have already used the method successfully to identify weak keys, and they have provided a tool here to test if a given key was generated using the faulty library. A blog post with more details is here."

Security updates have been issued by Debian (wpa), Fedora (perl, recode, and tor), Gentoo (elfutils, gnutls, graphite2, libtasn1, puppet-agent, shadow, and webkit-gtk), Mageia (pjproject, thunderbird, and weechat), and SUSE (kernel).

The Linux Foundation's Technical Advisory board, in response to concernsabout exploitative license enforcement around the kernel, has put togetherthis patch adding a document to the kerneldescribing its view of license enforcement. This document has been signedor acknowledged by a long list of kernel developers.In particular, it seeks toreduce the effect of the "GPLv2 death penalty" by stating that a violator'slicense to the software will be reinstated upon a timely return tocompliance. "We view legal action as a last resort, to be initiatedonly when other community efforts have failed to resolve the problem.Finally, once a non-compliance issue is resolved, we hope the user will feelwelcome to join us in our efforts on this project. Working together, we willbe stronger."See thisblog post from Greg Kroah-Hartman for more information.

The "krackattacks" web sitediscloses a set of WiFi protocol flaws that defeat most of the protectionthat WPA2 encryption is supposed to provide. "In a keyreinstallation attack, the adversary tricks a victim into reinstalling analready-in-use key. This is achieved by manipulating and replayingcryptographic handshake messages. When the victim reinstalls the key,associated parameters such as the incremental transmit packet number(i.e. nonce) and receive packet number (i.e. replay counter) are reset totheir initial value. Essentially, to guarantee security, a key should onlybe installed and used once. Unfortunately, we found this is not guaranteedby the WPA2 protocol".

The 4.14-rc5 kernel prepatch is out."We've certainly had smaller rc5's, but we've had bigger ones too, andthis week finally felt fairly normal in a release that has up untilnow felt a bit messier than it perhaps should have been.So assuming this trend holds, we're all good. Knock wood."

James Bottomley describesthe use of the trusted platform module with elliptic-curvecryptography, with a substantial digression into how the elliptic-curvealgorithm itself works."The initial attraction is the same as for RSA keys: making itimpossible to extract your private key from the system. However, themathematical calculations for EC keys are much simpler than for RSA keysand don’t involve finding strong primes, so it’s much simpler for the TPM(being a fairly weak calculation machine) to derive private and public ECkeys."

The 4.13.7 stable kernel update has beenreleased; it contains a fix for an unpleasantlocal vulnerability that affects only 4.13 kernels.

When a veteran kernel developer introduces a severe security hole into thekernel, it can be instructive to look at how the vulnerability came about.Among other things, it can point the finger at an API that lends itselftoward the creation of such problems. And, as it turns out, the knowledgethat the API is dangerous at the outset and marking it as such may not beenough to prevent problems.

Security updates have been issued by Arch Linux (botan, flyspray, go, go-pie, pcre2, thunderbird, and wireshark-cli), Fedora (chromium and mingw-poppler), Red Hat (Red Hat JBoss BPM Suite 6.4.6 and Red Hat JBoss BRMS 6.4.6), SUSE (git and kernel), and Ubuntu (libffi and xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial).

Mozilla's manifesto commitsthe organization to a number of principles, including support forindividual privacy and an individual's right to control how they experiencethe Internet. As a result, when Mozilla recently stated its intent toremove the "text only" option from its mailing lists — for the purpose oftracking whether recipients are reading its emails — the reaction was, toput it lightly, not entirely positive. The text-only option has beensaved, but the motivation behind this change is indicative of thechallenges facing independent senders of email.

Greg Kroah-Hartman has announced the release of the 4.13.6, 4.9.55, 4.4.92, and 3.18.75 stable kernels. As usual, theycontain fixes throughout the tree, so users should upgrade.Update: Kroah-Hartman released 4.9.56: "It fixes a networkingbug in 4.9.55. Don't use 4.9.55, it's busted, sorry about that, Ishould have held off and gotten more testing on it, my fault :("

Security updates have been issued by CentOS (httpd and thunderbird), Debian (nss), Fedora (git), openSUSE (krb5, libvirt, samba, and thunderbird), Oracle (httpd and thunderbird), Red Hat (httpd, rh-mysql57-mysql, and thunderbird), Scientific Linux (httpd and thunderbird), and Ubuntu (ceph).

The LWN.net Weekly Edition for October 12, 2017 is available.

<p>Two separate talks, at two different venues, give us a look into thekinds of testing that the Intel graphics team isdoing. Daniel Vetter had a short presentation as part of the Testing and Fuzzing microconference atthe Linux Plumbers Conference (LPC). His colleague, Martin Peres, gave asomewhat longer talk, complete with demos, at the X.Org Developers Conference(XDC). The picture they paint is a pleasing one: there is lots of testinggoing on there. But there are problems as well; that amount of testingruns afoul of bugs elsewhere in the kernel, which makes the jobharder.

Security updates have been issued by Arch Linux (lame, salt, and xorg-server), Debian (ffmpeg, imagemagick, libxfont, wordpress, and xen), Fedora (ImageMagick, rubygem-rmagick, and tor), Oracle (kernel), SUSE (kernel, SLES 12 Docker image, SLES 12-SP1 Docker image, and SLES 12-SP2 Docker image), and Ubuntu (curl, glance, horizon, kernel, keystone, libxfont, libxfont1, libxfont2, libxml2, linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-gcp, linux-hwe, linux-lts-xenial, nova, openvswitch, swift, and thunderbird).

KDE Plasma 5.11 has been released."Plasma 5.11 brings a redesigned settings app, improved notifications, a more powerful task manager. Plasma 5.11 is the first release to contain the new “Vault”, a system to allow the user to encrypt and open sets of documents in a secure and user-friendly way, making Plasma an excellent choice for people dealing with private and confidential information."

While the 4.14 development cycle has not been the busiest ever (12,500changesets merged as of this writing, slightly more than 4.13 at this stageof the cycle), it has been seen as a rougher experience than itspredecessors.There are all kinds of reasons why one cycle might besmoother than another, but it is not unreasonable to wonder whether thefact that 4.14 is a long-term support (LTS) release has affected how thiscycle has gone. Indeed, when he released 4.14-rc3, LinusTorvalds complained that this cycle was more painful than most, and suggested thatthe long-term support status may be a part of the problem. A couple of recent pulls into the mainline highlight thepressures that, increasingly, apply to LTS releases.

Purism has reachedits crowdfunding goal to create the Librem 5, an encrypted, opensmartphone ecosystem that gives users complete device control. "Reaching the $1.5 million milestone weeks ahead of schedule enables Purism to accelerate the production of the physical product. The company plans to move into hardware production as soon as possible to assemble a developer kit as well as initiate building the base software platform, which will be publicly available and open to the developer community." LWN looked at the privacy features planned for the phone in an article for this week's edition.

The GNU Privacy Guard (GnuPG) is one of thefundamental tools that allows a distributed group to have trust in its communications. Werner Koch, lead developer of GnuPG,spoke about it at Kernel Recipes: what's in the new 2.2 version, when older versionswill reach their end of life, and how development will proceed going forward.He also spoke at some length on the issue of best-practice key managementand how GnuPG is evolving to assist. Subscribers can click below for areport on the talk by guest author Tom Yates.

Security updates have been issued by Fedora (WebCalendar), openSUSE (mpg123 and openjpeg2), Red Hat (kernel), and SUSE (firefox, nss).

The kernel's timer interface has been around for a long time, and its APIshows it. Beyond a lack of conformance with current in-kernel interfacepatterns, the timer API is not as efficient as it could be and stands inthe way of ongoing kernel-hardening efforts. A late addition to the 4.14 kernel paves the way toward awholesale change of this API to address these problems.

The next election for members of the Linux Foundation's Technical AdvisoryBoard will be held on October 25 at the Kernel Summit in Prague. Thecall has gone out for candidates to fill the five available seats."The Linux Foundation Technical Advisory Board (TAB) serves as theinterface between the kernel development community and the Foundation.The TAB advises the Foundation on kernel-related matters, helps membercompanies learn to work with the community, and works to resolvecommunity-related problems before they get out of hand. The board hasten members, one of whom sits on the LF board of directors."

Stable kernels 4.9.54, 4.4.91, and 3.18.74 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by CentOS (kernel and postgresql), Debian (botan1.10, curl, dnsmasq, libxfont, nautilus, qemu, qemu-kvm, sam2p, and tor), Fedora (dnsmasq, libmspack, and samba), Gentoo (file, icu, libpcre2, munin, ocaml, pacemaker, postgresql, rubygems, and sudo), Mageia (clamav, dnsmasq, flightgear, libidn, and x11-server), openSUSE (libvirt), Oracle (kernel), SUSE (portus), and Ubuntu (poppler).

The 4.14-rc4 kernel prepatch is out fortesting. "So I do have some hope that things are approachingnormal. I'd expect that to continue, and things start calming down."

The Debian 9.2 point release is available; it includes fixes for a longlist of problems. "As a special case for this point release, thoseusing the 'apt-get' tool to perform the upgrade will need to ensure thatthe 'dist-upgrade' command is used, in order to update to the latest kernelpackages."

Version 235 of the systemd service manager is out; it includes a long listof new features. See this blogpost for a description of the dynamic user feature in particular."One major benefit of dynamic user IDs is that running aprivilege-separated service leaves no artifacts in the system. A systemuser is allocated and made use of, but it is discarded automatically in asafe and secure way after use, in a fashion that is safe for laterrecycling. Thus, quickly invoking a short-lived service for processing somejob can be protected properly through a user ID without having topre-allocate it and without this draining the available UID pool any longerthan necessary."

"Jprobes" are an ancient kernel mechanism used to trace entry into kernelfunctions; they were described in this 2005 LWNarticle. Recently, the kernel community has come to the conclusionthat jprobes have few (if any) remaining users, they have long beensuperseded by the function tracing (ftrace) mechanism, and they are amaintenance burden. As a result, the jprobeAPI will likely be disabled in a near-future kernel. If anybody outthere is still using jprobes, now would be a good time to either move on ormake the case for retaining that feature in the kernel.

Security updates have been issued by Arch Linux (curl, krb5, lib32-curl, lib32-krb5, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), Debian (golang), Fedora (MySQL-zrm), Mageia (firefox, ghostscript, libgd, libraw, libwpd, open-vm-tools, poppler, and rawtherapee), Oracle (kernel and postgresql), Red Hat (kernel), Scientific Linux (kernel), Slackware (curl, openjpeg, and xorg), and Ubuntu (ruby1.9.1).

What kind of cell phone would emerge from a concerted effort to design privacy in fromthe beginning, using free software as much as possible? Someanswers are provided by a crowdfunding campaign launched inAugust by Purism SPC, which has used two suchcampaigns successfully in the past to build a business around securelaptops. The Librem 5, with a five-inch screen and radio chip forcommunicating with cell phone companies, represents Purism's hope to bringthe same privacy-enhancing vision to the mobile space, which is much moredemanding in its threats, technology components, and user experience.

An attacker who seeks to compromise a running kernel by overwritingkernel data structures or forcing a jump to specific kernel code must, ineither case, have some idea of where the target objects are in memory.Techniques like kernel address-space layout randomization have been createdin the hope of denying that knowledge, but that effort is wasted if the kernelleaks information about where it has been placed in memory. Developershave been plugging pointer leaks for years but, as a recent discussionshows, there is still some disagreement over the best way to preventattackers from learning about the kernel's address-space layout.

SUSE has announcedthat SUSE Studio and the Open Build Service (OBS) will be merged into acombined solution, delivered as SUSE Studio Express."Looking at the feature requests for SUSE Studio on image buildingand looking at our technologies, we decided to use OBS as the base for ourimage building service. Since OBS already builds images for various environments, we will first add a new image building GUI to OBS."

The latest batch of stable kernels has been released: 4.13.5, 4.9.53, 4.4.90, and 3.18.73 are now available. As usual, theycontain fixes throughout the tree; users of those series should upgrade.

The 2017 GNU Tools Cauldron was held September 8 to 10 inPrague. Videos from thesessions are now available. The sessions cover ongoing work with GCC,the GDB debugger, the GNU C Library, and more.

Security updates have been issued by Debian (asterisk and curl), Fedora (kernel), Red Hat (postgresql and samba), Scientific Linux (postgresql), and Ubuntu (firefox and git).

PyPy is a Python interpreter with a focus on performance; the project hasjust announcedits 5.9 release. This version has full support for NumPy and Pandas inPython 2.7, along with many other improvements. The Python 3.5interpreter is still described as "beta quality".

Version 10 of thePostgreSQL database management system has been released. "A criticalfeature of modern workloads is the ability to distribute data across manynodes for faster access, management, and analysis, which is also known as a'divide and conquer' strategy. The PostgreSQL 10 release includessignificant enhancements to effectively implement the divide and conquerstrategy, including native logical replication, declarative tablepartitioning, and improved query parallelism." See therelease notes and this LWN article fromJune for details.

The LWN.net Weekly Edition for October 5, 2017 is available.

A lot was discussed and presented in the three hours allotted to the Testingand Fuzzing microconference at this year's Linux Plumbers Conference(LPC), but some spilled out of that slot. We have already looked at some discussions on kernel testing that occurred both before and during themicroconference. Much of the rest of the discussion is summarized in thearticle from this week's edition, which subscribers can access from thelink below.

Security updates have been issued by Debian (asterisk and qemu), openSUSE (liblouis, libraw, nextcloud, and tiff), and Ubuntu (ocaml).

The LEDE project has announced a "service release" of its routerdistribution. "LEDE 17.01.3 'Reboot' incorporates a fair number offixes back ported from the development branch during the last sixteenweeks." Included therein is a pile of security updates, includingfixes for the recently disclosed dnsmasq vulnerabilities.

Odoo is, according to Wikipedia,"the most popular open source ERP system." Thus, any survey of open-source accounting systems must certainly take alook in that direction. This episode in theongoing search for a suitable accounting system for LWN examines theaccounting features of Odoo; unfortunately, it comes up a bit short.

The Evergreen community has announced therelease of Evergreen 3.0.0, software for libraries. This releaseincludes community support of the web staff client for production use,serials and offline circulation modules for the web staff client,improvements to the display of headings in the public catalog browse list,and more.

Fedora Magazine has announcedthe release of Fedora 27 beta, including Fedora Workstation and FedoraAtomic Host. For those wondering about the server edition, thisarticle has the answer. "The Modularity project was designed to allow shipping different parts of the projects on different timelines. So, the Server team is starting that now — expect a Fedora 27 Server beta powered by Modularity in a few weeks. The general Fedora 27 release will come in early November, and then Fedora 27 Server will arrive in final form about a month later."

FreeBSD 10.4 has been released.This release features full support for eMMC storage, as well as manyupdates and improvements. The releasenotes contain more details.

Jens Axboe is themaintainer of the block layer of the kernel. In this capacity,he spoke at Kernel Recipes2017 on what's new in the storage world for Linux, with a particular focus on the new block-multiqueue subsystem:the degree to which it's been adopted, a number of optimizations thathave recently been made, and a bit of speculation abouthow it will further improve in the future.Subscribers can click below for a report from the Kernel Recipes talk byguest author Tom Yates.

Security updates have been issued by CentOS (dnsmasq), Debian (dnsmasq and git), Fedora (ejabberd, firefox, mingw-LibRaw, openvpn, and perl), openSUSE (dnsmasq, git, Mozilla Firefox and NSS, and otrs), Oracle (dnsmasq), Red Hat (dnsmasq), Scientific Linux (dnsmasq), Slackware (dnsmasq), SUSE (dnsmasq), and Ubuntu (dnsmasq, firefox, libidn, and poppler).

While the adoption of OpenPGP by the general population is marginal atbest, it is a critical component for the security community andparticularly for Linux distributions. For example, every packageuploaded into Debian is verified by the central repository using themaintainer's OpenPGP keys and therepository itself is, in turn, signed using a separate key. If upstream packages also use such signatures, thiscreates a complete trust path from the original upstream developer tousers.Beyond that, pull requests for the Linux kernel are verified using signatures as well.Therefore, the stakes are high: a compromise of the release key, oreven of a single maintainer's key, could enable devastatingattacks against many machines.

Security updates have been issued by Arch Linux (dnsmasq), CentOS (firefox and nss), Debian (firefox-esr, ghostscript, libidn2-0, opencv, and otrs2), Fedora (moodle, php-horde-nag, php-horde-passwd, php-horde-wicked, php-symfony-security-acl, pkgconf, and xen), openSUSE (spice and weechat), Scientific Linux (firefox and nss), Slackware (openexr), SUSE (xen), and Ubuntu (ca-certificates, dnsmasq, and nss).

James Morris has posted asummary of the recently concluded Linux Security Summit."I was particularly interested in the topic of better integrating LSMwith containers, as there is an increasingly common requirement for nestingof security policies, where each container may run its own apparentlyindependent security policy, and also a potentially independent securitymodel. I proposed the approach of introducing a security namespace, whereall security interfaces within the kernel are namespaced, including LSM.It would potentially solve the container use-cases, and also the full LSMstacking case championed by Casey Schaufler (which would allow entirelyarbitrary stacking of security modules)."