Posts tagged with kernel
#Linux #Kernel #CLT2019
HN Discussion: https://news.ycombinator.com/item?id=19298515
Posted by ben201 (karma: 69)
Post stats: Points: 142 - Comments: 37 - 2019-03-04T03:15:37Z
#HackerNews #flaw #google #high #kernel #macos #reveals #severity
Googleʼs Project Zero team is well-known for its knack of finding security flaws in the companyʼs own products as well as those manufactured by other firms. Its members locate flaws in software, privately report them to the manufacturers, and give them 90 days to resolve the problem before publicly disclosing it.
Last year, the team revealed vulnerabilities in Windows 10 S and Microsoft Edge. Now, it has exposed a "high severity" flaw in macOSʼ kernel.
A security researcher from Googleʼs Project Zero has discovered that even though macOSʼ kernel, XNU, allows copy-on-write (COW) behavior in some cases, it is essential that any copied memory is not available for modifications from the source process. While COW is a resource-management technique that is not inherently flawed, it appears that Appleʼs implementation of it certainly is.
Project Zero has found out that if a user-owned mounted filesystem image is modified, the virtual management subsystem is not informed of the changes, which means that an attacker can potentially take malicious actions without the mounted filesystem knowing about it. The detailed explanation can be found below:
This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem. This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem.
The researcher informed Apple about the flaw back in November 2018, but the company is yet to fix it even after exceeding the 90-day deadline, which is why the bug is now being made public with a "high severity" label. That said, Apple has accepted the problem and is working with Project Zero on a patch for a future macOS release. You can also view the proof-of-concept code that demonstrates the problem on the dedicated webpage here.
- Btrfs file-system support for swap files
- Logitech high resolution scrolling support for mice
- The Raspberry Pi touch-screen driver was finally mainlined
- Early support work around for next-gen AMD Ryzen/EPYC processors
- AMD FreeSync/VRR support
- Initial support for the NVIDIA GeForce RTX 2000 "Turing" GPUs
As usual, the boss Finn Linus Torvalds left a message also ==> http://lkml.iu.edu/hypermail/linux/kernel/1903.0/01288.html
#Linux5 #Linux #kernel #LinusTorvalds #Torvalds
On this episode of This Week in #Linux, an Arbitrary Code Execution #vulnerability was found in the Linux #Kernel but it is not quite what some sources are making it out to be. Rumors are going around for #Ubuntu and #Snaps but again it's not what people are making it out to be. Then we'll get into some actual #news with some changes to #Flathub, new releases for #Geary, #Digikam, #RiotIM, #KaliLinux, BackBox, and much more. We'll also check out some interesting views about #ARM shared by #LinusTorvalds. All that and much more!
HN Discussion: https://news.ycombinator.com/item?id=19225268
Posted by turingbook (karma: 1296)
Post stats: Points: 273 - Comments: 7 - 2019-02-22T13:55:50Z
#HackerNews #code #commented #heavily #kernel #linux #pdf #source
HN Discussion: https://news.ycombinator.com/item?id=19210727
Posted by robin0 (karma: 71)
Post stats: Points: 125 - Comments: 72 - 2019-02-20T18:46:34Z
#HackerNews #42010 #arbitrary #code #execution #found #kernel #linux #through #vulnerable
* Published Date: 02/18/2019
* Last Modified Date: 02/19/2019
In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
Note: This page is generated by our securitybot and has not been checked for errors.
#Linux #kernel #Y2038 #Y2K38 #timestamps #32-bit #64-bit #computer #software #FOSS #TECHNOLOGY