
LWN on Security and Kernel (Paywall Has Ended)

Filed under: Linux, Security
  • A container-confinement breakout

    The recently announced container-confinement breakout for containers started with runc is interesting from a few different perspectives. For one, it affects more than just runc-based containers as privileged LXC-based containers (and likely others) are also affected, though the LXC-based variety are harder to compromise than the runc ones. But it also, once again, shows that privileged containers are difficult—perhaps impossible—to create in a secure manner. Beyond that, it exploits some Linux kernel interfaces in novel ways and the fixes use a perhaps lesser-known system call that was added to Linux less than five years back.

    The runc tool implements the container runtime specification of the Open Container Initiative (OCI), so it is used by a number of different containerization solutions and orchestration systems, including Docker, Podman, Kubernetes, CRI-O, and containerd. The flaw, which uses the /proc/self/exe pseudo-file to gain control of the host operating system (thus anything else, including other containers, running on the host), has been assigned CVE-2019-5736. It is a massive hole for containers that run with access to the host root user ID (i.e. UID 0), which, sadly, covers most of the containers being run today.

    There are a number of sources of information on the flaw, starting with the announcement from runc maintainer Aleksa Sarai linked above. The discoverers, Adam Iwaniuk and Borys Popławski, put out a blog post about how they found the hole, including some false steps along the way. In addition, one of the LXC maintainers who worked with Sarai on the runc fix, Christian Brauner, described the problems with privileged containers and how CVE-2019-5736 applies to LXC containers. There is a proof of concept (PoC) attached to Sarai's announcement, along with another more detailed PoC he posted the following day after the discoverers' blog post.
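
The runc fix that the first paragraph alludes to relies on memfd_create (added in Linux 3.17, in late 2014): the runtime copies its own binary into an anonymous, sealed memory file and executes that copy, so a write aimed at /proc/self/exe can no longer alter the binary that is actually running on the host. The C program below is an added illustration of that mitigation pattern, not code from runc or from the LWN article; the function names and the "sealed-exe" label are constructed, and the fallback macro values are the ones from the Linux uapi headers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef MFD_CLOEXEC              /* fallbacks: values from the Linux uapi headers */
#define MFD_CLOEXEC 0x0001U
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef F_ADD_SEALS
#define F_ADD_SEALS 1033
#define F_GET_SEALS 1034
#define F_SEAL_SEAL 0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW 0x0004
#define F_SEAL_WRITE 0x0008
#endif
#define ALL_SEALS (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL)
extern long syscall(long number, ...);

/* Copy the file at `path` (normally /proc/self/exe) into an anonymous memfd
 * and seal it. Once sealed, neither this process nor anything that later opens
 * /proc/<pid>/exe can change or truncate the bytes, so a runtime can fexecve()
 * the copy instead of the host binary. Returns the descriptor, or -1 on error. */
int sealed_memfd_copy(const char *path)
{
    int src = open(path, O_RDONLY);
    if (src < 0) return -1;
    int mfd = (int)syscall(SYS_memfd_create, "sealed-exe",
                           MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (mfd < 0) { close(src); return -1; }
    char buf[65536]; ssize_t n;
    while ((n = read(src, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0; off < n; ) {            /* tolerate short writes */
            ssize_t w = write(mfd, buf + off, (size_t)(n - off));
            if (w < 0) { close(src); close(mfd); return -1; }
            off += w;
        }
    }
    close(src);
    if (n < 0 || fcntl(mfd, F_ADD_SEALS, ALL_SEALS) < 0) { close(mfd); return -1; }
    return mfd;
}

/* Returns 1 when every seal is present and a write is refused with EPERM,
 * which is exactly the property the mitigation depends on; 0 otherwise. */
int is_sealed_readonly(int fd)
{
    int seals = fcntl(fd, F_GET_SEALS);
    if (seals < 0 || (seals & ALL_SEALS) != ALL_SEALS) return 0;
    errno = 0;
    return write(fd, "x", 1) < 0 && errno == EPERM;
}

int main(void)
{
    int fd = sealed_memfd_copy("/proc/self/exe");
    if (fd < 0) { perror("sealed_memfd_copy"); return 1; }
    printf("sealed copy on fd %d, immutable=%d\n", fd, is_sealed_readonly(fd));
    return close(fd);
}
```

The same check is a useful sanity test for any hardened runtime: if F_GET_SEALS on the descriptor being executed does not report all four seals, the binary can still be rewritten through the /proc path.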

  • The Thunderclap vulnerabilities

    It should come as no surprise that plugging untrusted devices into a computer system can lead to a wide variety of bad outcomes—though often enough it works just fine. We have reported on a number of these kinds of vulnerabilities (e.g. BadUSB in 2014) along the way. So it will not shock readers to find out that another vulnerability of this type has been discovered, though it may not sit well that, even after years of vulnerable plug-in buses, there are still no solid protections against these rogue devices. This most-recent entrant into this space targets the Thunderbolt interface; the vulnerabilities found have been dubbed "Thunderclap".

    There are several different versions of Thunderbolt, either using Mini DisplayPort connectors (Thunderbolt 1 and 2) or USB Type-C (Thunderbolt 3). According to the long list of researchers behind Thunderclap, all of those are vulnerable to the problems they found. Beyond that, PCI Express (PCIe) peripherals are also able to exploit the Thunderclap vulnerabilities, though they are a bit less prone to hotplugging. Thunderclap is the subject of a paper [PDF] and web site. It is more than just a bunch of vulnerabilities, however, as there is a hardware and software research platform that they have developed and released. A high-level summary of the Thunderclap paper was posted to the Light Blue Touchpaper blog by Theo Markettos, one of the researchers, at the end of February.

  • Core scheduling

    Kernel developers are used to having to defend their work when posting it to the mailing lists, so when a longtime kernel developer describes their own work as "expensive and nasty", one tends to wonder what is going on. The patch set in question is core scheduling from Peter Zijlstra. It is intended to make simultaneous multithreading (SMT) usable on systems where cache-based side channels are a concern, but even its author is far from convinced that it should actually become part of the kernel.

    SMT increases performance by turning one physical CPU into two virtual CPUs that share the hardware; while one is waiting for data from memory, the other can be executing. Sharing a processor this closely has led to security issues and concerns for years, and many security-conscious users disable SMT entirely. The disclosure of the L1 terminal fault vulnerability in 2018 did not improve the situation; for many, SMT simply isn't worth the risks it brings with it.

    But performance matters too, so there is interest in finding ways to make SMT safe (or safer, at least) to use in environments with users who do not trust each other. The coscheduling patch set posted last September was one attempt to solve this problem, but it did not get far and has not been reposted. One obstacle to this patch set was almost certainly its complexity; it operated at every level of the scheduling domain hierarchy, and thus addressed more than just the SMT problem.

    Zijlstra's patch set is focused on scheduling at the core level only, meaning that it is intended to address SMT concerns but not to control higher-level groups of physical processors as a unit. Conceptually, it is simple enough. On kernels where core scheduling is enabled, a core_cookie field is added to the task structure; it is an unsigned long value. These cookies are used to define the trust boundaries; two processes with the same cookie value trust each other and can be allowed to run simultaneously on the same core.
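
The cookie rule above has a direct consequence for a two-sibling core: once the highest-priority task is chosen, the other sibling may only run a task carrying the same core_cookie, otherwise it has to sit idle rather than share the cache with an untrusted task. The toy C model below is an added illustration of that selection step, not the kernel's code or part of the LWN article; the task structure, priority convention and function name are constructed for this example.

```c
/* Toy model of one core-scheduling decision for a core with two SMT
 * siblings. Constructed for illustration; the kernel's real pick logic
 * is considerably larger and runs per scheduling class. */
struct task {
    const char *name;
    unsigned long core_cookie;   /* trust domain; equal cookies trust each other */
    int prio;                    /* higher value runs first (toy convention) */
};

/* Pick what each sibling runs from the runnable tasks rq[0..n).
 * sel[0] is the highest-priority task; sel[1] is the best remaining task
 * with the same cookie, or -1 when the sibling must be forced idle rather
 * than co-run a task from a different trust domain.
 * Returns how many siblings end up busy (0, 1 or 2). */
int core_pick(const struct task *rq, int n, int sel[2])
{
    sel[0] = -1;
    sel[1] = -1;
    for (int i = 0; i < n; i++)
        if (sel[0] < 0 || rq[i].prio > rq[sel[0]].prio)
            sel[0] = i;
    if (sel[0] < 0)
        return 0;                       /* nothing runnable: both siblings idle */
    for (int i = 0; i < n; i++) {
        if (i == sel[0] || rq[i].core_cookie != rq[sel[0]].core_cookie)
            continue;                   /* different cookie: never co-scheduled */
        if (sel[1] < 0 || rq[i].prio > rq[sel[1]].prio)
            sel[1] = i;
    }
    return sel[1] < 0 ? 1 : 2;
}
```

The forced-idle case is where the "expensive" part of the trade-off shows up: every time the best candidate for the sibling carries a different cookie, half the core's throughput is given up for isolation.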

  • A kernel unit-testing framework

    March 1, 2019

    For much of its history, the kernel has had little in the way of formal testing infrastructure. It is not entirely an exaggeration to say that testing is what the kernel community kept users around for. Over the years, though, that situation has improved; internal features like kselftest and services like the 0day testing system have increased our test coverage considerably. The story is unlikely to end there, though; the next addition to the kernel's testing arsenal may be a unit-testing framework called KUnit.

    The KUnit patches, currently in their fourth revision, have been developed by Brendan Higgins at Google. The intent is to enable the easy and rapid testing of kernel components in isolation — unit testing, in other words. That distinguishes KUnit from the kernel's kselftest framework in a couple of significant ways. Kselftest is intended to verify that a given feature works in a running kernel; the tests run in user space and exercise the kernel that the system booted. They thus can be thought of as a sort of end-to-end test, ensuring that specific parts of the entire system are behaving as expected. These tests are important to have, but they do not necessarily test specific kernel subsystems in isolation from all of the others, and they require actually booting the kernel to be tested.

    KUnit, instead, is designed to run more focused tests, and they run inside the kernel itself. To make this easy to do in any setting, the framework makes use of user-mode Linux (UML) to actually run the tests. That may come as a surprise to those who think of UML as a dusty relic from before the kernel had proper virtualization support (its home page is hosted on SourceForge and offers a bleeding-edge 2.6.24 kernel for download), but UML has been maintained over the years. It makes a good platform for something like KUnit without rebooting the host system or needing to set up virtualization.

  • Two topics in user-space access

    Kernel code must often access data that is stored in user space. Most of the time, this access is uneventful, but it is not without its dangers and cannot be done without exercising due care. A couple of recent discussions have made it clear that this care is not always being taken, and that not all kernel developers fully understand how user-space access should be performed. The good news is that kernel developers are currently working on a set of changes to make user-space access safer in the future.

More in Tux Machines

today's leftovers

  • Hardware Review - The ZaReason Virtus 9200 Desktop
  • Chrome OS 76 will disable Crostini Linux backups by default
    Essentially, this is still a work-in-progress feature. And I shouldn’t be terribly surprised by that, even though in my experience, the functionality hasn’t failed me yet. That’s because we know that the Chromium team is considering a way to back up and restore Linux containers directly from the Files app on a Chromebook. That proposal is targeted for Chrome OS 78, so this gives the team more time to work that out, as well as any other nits that might not be quite right with the current implementation.
  • Andrei Lisita: Something to show for
    Unfortunately, along with the progress that was made, we also encountered a bug with the NintendoDS core that causes games to crash if we attempt to load a savestate. We are not yet 100% sure if the bug is caused by my changes or by the NintendoDS core itself. I hope we are able to fix it by the end of the summer, although I am not even sure where to start since savestates are working perfectly fine with other cores. Another confusing matter about this is that the Restart/Resume Dialog works fine with the NintendoDS core and it also uses savestates. This led me to believe that perhaps cores can be used to load savestates only once, but this can’t be the problem since we re-instantiate the core every time we load a savestate. In the worst case we might just have to make a special case for the NintendoDS core and not use savestates with it, except for the Resume/Restart dialog. This would sadden me deeply since there are plenty of NintendoDS games which could benefit from this feature.
  • OSMC's June update is here with Kodi v18.3
    Team Kodi recently announced the 18.3 point release of Kodi Leia. We have now prepared this for all supported OSMC devices and added some improvements and fixes. Here's what's new:

OSS Leftovers

  • A comparison of open source, real-time data streaming platforms
    A variety of open source, real-time data streaming platforms are available today for enterprises looking to drive business insights from data as quickly as possible. The options include Spark Streaming, Kafka Streams, Flink, Hazelcast Jet, Streamlio, Storm, Samza and Flume -- some of which can be used in tandem with each other. Enterprises are adopting these real-time data streaming platforms for tasks such as making sense of a business marketing campaign, improving financial trading or recommending marketing messages to consumers at critical junctures in the customer journey. These are all time-critical areas that can be used for improving business decisions or baked into applications driven by data from a variety of sources.
  • Amphenol’s Jason Ellison on Signal Integrity Careers and His Free, Open Source PCB Design Software
    Ellison, Senior Staff Signal Integrity Engineer at Amphenol ICC, gives his insight on the importance of networking, giving to the EE community, and his open-source signal integrity project. How does signal integrity engineering compare to other EE fields? What are open-source resources worth these days? What makes for a good work life for an engineer? Learn this and more in this Engineer Spotlight! Jason Ellison started down the path to becoming an electrical engineer because someone told him it was "fun and easy if you're good at math." In this interview with AAC's Mark Hughes, Ellison—a Senior Staff Signal Integrity Engineer at Amphenol ICC—describes how his career has grown from these beginnings into the rewarding and diverse work of signal integrity engineering.
  • Cruise open-sources Webviz, a tool for robotics data analysis [Ed: Releasing a little tool that's part of proprietary software so that it 'feels' more "open"]
    Cruise, the self-driving startup that General Motors acquired for nearly $1 billion in 2016, generates an enormous amount of data by any measure. It orchestrates 200,000 hours of driving simulation jobs daily in Google Cloud Platform, spread across 30,000 virtual cars in an environment running on 300,000 processor cores and 5,000 graphics cards. Both those cars and Cruise’s fleet of over 180 real-world autonomous Chevrolet Bolts make thousands of decisions every second, and they base these decisions on observations captured in binary format from cameras, microphones, radar sensors, and lidar sensors.
  • EWF launches world’s first open source blockchain for the energy industry
    The Energy Web Foundation this week announced that it has launched the world’s first public, open-source, enterprise-grade blockchain tailored to the energy sector: the Energy Web Chain (EW Chain). More than ten Energy Web Foundation (EWF) Affiliates — including utilities, grid operators, and blockchain developers — are hosting validator nodes for the live network, according to the company.
  • Pimcore Releases Pimcore 6.0, Amplifying User-Friendly Digital Experiences Through Open Source
    Pimcore, the leading open-source platform for data and customer experience management, has released the most powerful version of the Pimcore platform, Pimcore 6.0. The updated platform includes a new user interface that seamlessly connects MDM/PIM, DAM, WCM, and digital commerce capabilities to create more advanced and user-friendly experiences quickly and efficiently.
  • VCV Rack reaches version 1.0.0: free and open-source modular synth gets a full release
    VCV Rack is a free, open-source modular software synth that’s been gaining ground for a couple of years, but only now has it reached the significant milestone of version 1.0. Designed to replicate the feeling of having a hardware modular synth on your desktop, VCV Rack enables you to add both free and paid-for modules, and now supports polyphony of up to 16 voices. There’s MIDI output, too, with CV-Gate, CV-MIDI and CV-CC modules enabling you to interface with drum machines, desktop synths and Eurorack gear.
  • Flying Above the Shoulders of Giants
    Thanks to open-source platforms, developers can stand on the shoulders of software giants to build bigger and better things. Linux is probably the biggest...
  • MIT Researchers Open-Source AutoML Visualization Tool ATMSeer
    A research team from MIT, Hong Kong University, and Zhejiang University has open-sourced ATMSeer, a tool for visualizing and controlling automated machine-learning processes. Solving a problem with machine learning (ML) requires more than just a dataset and training. For any given ML task, there are a variety of algorithms that could be used, and for each algorithm there can be many hyperparameters that can be tweaked. Because different values of hyperparameters will produce models with different accuracies, ML practitioners usually try out several sets of hyperparameter values on a given dataset to try to find hyperparameters that produce the best model. This can be time-consuming, as a separate training job and model evaluation process must be conducted for each set. Of course, they can be run in parallel, but the jobs must be set up and triggered, and the results recorded. Furthermore, choosing the particular values for hyperparameters can involve a bit of guesswork, especially for ones that can take on any numeric value: if 2.5 and 2.6 produce good results, maybe 2.55 would be even better? What about 2.56 or 2.54?
  • Open-Source Cybersecurity Tool to Enhance Grid Protection
    A revolutionary new cybersecurity tool that can help protect the electric power grid has been released to the public on the code-hosting website GitHub.
  • Quick notes for Mozilla Whistler All Hands 2019
  • Deeper into the data fabric with MongoDB
    However, to gain access to rich search functionality, many organisations pair their database with a search engine such as Elasticsearch or Solr, which MongoDB claims can complicate development and operations — because we end up with two entirely separate systems to learn, maintain and scale.

Raspberry Pi 4 is here!

The latest version of the Raspberry Pi—Raspberry Pi 4—was released today, earlier than anticipated, featuring a new 1.5GHz Arm chip and VideoCore GPU with some brand new additions: dual-HDMI 4K display output; USB3 ports; Gigabit Ethernet; and multiple RAM options up to 4GB. The Raspberry Pi 4 is a very powerful single-board computer and starts at the usual price of $35. That gets you the standard 1GB RAM, or you can pay $45 for the 2GB model or $55 for the 4GB model—premium-priced models are a first for Raspberry Pi.

Open Data, Open Access and Open Hardware

  • DoD’s Joint AI Center to open-source natural disaster satellite imagery data set
    As climate change escalates, the impact of natural disasters is likely to become less predictable. To encourage the use of machine learning for building damage assessment this week, Carnegie Mellon University’s Software Engineering Institute and CrowdAI — the U.S. Department of Defense’s Joint AI Center (JAIC) and Defense Innovation Unit — open-sourced a labeled data set of some of the largest natural disasters in the past decade. Called xBD, it covers the impact of disasters around the globe, like the 2010 earthquake that hit Haiti. “Although large-scale disasters bring catastrophic damage, they are relatively infrequent, so the availability of relevant satellite imagery is low. Furthermore, building design differs depending on where a structure is located in the world. As a result, damage of the same severity can look different from place to place, and data must exist to reflect this phenomenon,” reads a research paper detailing the creation of xBD. [...]

    xBD includes approximately 700,000 satellite images of buildings before and after eight different kinds of natural disasters, including earthquakes, wildfires, floods, and volcanic eruptions. Covering about 5,000 square kilometers, it contains images of floods in India and Africa, dam collapses in Laos and Brazil, and historic deadly fires in California and Greece.

    The data set will be made available in the coming weeks alongside the xView 2.0 Challenge to unearth additional insights from xBD, coauthor and CrowdAI machine learning lead Jigar Doshi told VentureBeat. The data set collection effort was informed by the California Air National Guard’s approach to damage assessment from wildfires.

  • Open-source textbooks offer free alternative for UC Clermont students
    Some UC Clermont College students are avoiding paying hundreds of dollars for textbooks — and getting the content for free — thanks to online open-source textbooks, a growing trend among faculty at the college and throughout higher education. UC Clermont Dean Jeff Bauer, who is also a professor of business, said the benefits of open textbooks are many. “All students have the book on the first day of class, it saves them a lot of money, and the information can be accessed anywhere, anytime, without carrying around a heavy textbook,” Bauer said. “They don’t need to visit the bookstore before or after each semester to buy or sell back books, either.”
  • Open Source Computer Controlled Loom Knits Pikachu For You
    The origin story of software takes us back past punch card computers and Babbage's Difference Engine to a French weaver called Joseph Marie Jacquard.
  • Successful open-source RISC-V microcontroller launched through crowdfunding
    X-FAB Silicon Foundries, together with crowd-sourcing IC platform partner Efabless Corporation, launched the first-silicon availability of the Efabless RISC-V SoC reference design. This open-source semiconductor project went from start of design to tape-out in less than three months employing the Efabless design flow produced on open-source tools. The mixed-signal SoC, called Raven, is based on the community-developed ultra-low-power PicoRV32 RISC-V core. Efabless has bench-tested the Raven at 100MHz, and based on simulations, the solution should operate at up to 150MHz.
  • Open Hardware: Open-Source MRI Scanners Could Bring Enormous Cost Savings
    Wulfsberg explore the possibilities of open source MRI scanning. As open-source technology takes its place around the world—everywhere from makerspaces to FabLabs, users on every level have access to design and innovation. In allowing such access to MRI scanning, the researchers realize the potential for ‘technological literacy’ globally—and with MRIs specifically, astronomical sums could be saved in healthcare costs. The authors point out that medical technology is vital to the population of the world for treating not only conditions and illnesses, but also disabilities. As so many others deeply involved in the world of technology and 3D printing realize, with greater availability, accessibility, and affordability, huge strides can be made to improve and save lives. Today, with so many MRI patents expiring, the technology is open for commercialization.