4 years 2 months ago
Over on the Mozilla blog, Eric Rescorla
looks
into some of the privacy implications of the
Federated Learning of Cohorts
(FLoC), which is a Google effort to
replace
third-party cookies with a different type of identifier that is less
trackable. But less tracking does not equal no tracking. "People's
interests aren't constant and neither are their FLoC IDs. Currently, FLoC
IDs seem to be recomputed every week or so. This means that if a tracker is
able to use other information to link up user visits over time, they can
use the combination of FLoC IDs in week 1, week 2, etc. to distinguish
individual users. This is a particular concern because it works even with
modern anti-tracking mechanisms such as Firefox's
Total
Cookie Protection
(TCP). TCP is intended to prevent trackers from correlating visits across
sites but not multiple visits to one site. FLoC restores cross-site
tracking even if users have TCP enabled."
jake
4 years 2 months ago
In a
lengthy
blog post, Lennart Poettering describes the advantages of using the
unique IDs (UUIDs) and flags from the
discoverable partitions
specification to label the entries in a
GUID Partition
Table (GPT). That information can be used to tag disk images in a
self-descriptive way, so that external configuration files (such as
/etc/fstab) are not needed to assemble the filesystems for the
running system. Systemd can use this information in a variety of ways,
including for running the image in a container: "If a disk image
follows the Discoverable Partition Specification then systemd-nspawn has
all it needs to just boot it up. Specifically, if you have a GPT disk image
in a file foobar.raw and you want to boot it up in a container, just run
systemd-nspawn -i foobar.raw -b, and that's it (you can specify a block
device like /dev/sdb too if you like). It becomes easy and natural to
prepare disk images that can be booted either on a physical machine, inside
a virtual machine manager or inside such a container manager: the necessary
meta-information is included in the image, easily accessible before
actually looking into its file systems."
jake
4 years 2 months ago
Security updates have been issued by Debian (libwebp), Fedora (firefox, lasso, mod_auth_openidc, nginx, redis, and squid), Oracle (.NET 5.0, container-tools:2.0, dhcp, gupnp, hivex, kernel, krb5, libwebp, nginx:1.16, postgresql:10, and postgresql:9.6), SUSE (containerd, docker, runc, csync2, and salt), and Ubuntu (libimage-exiftool-perl, libwebp, and rpcbind).
jake
4 years 2 months ago
Extended BPF (eBPF), the general-purpose
execution
engine inside of the Linux kernel, has proved helpful for tracing and
monitoring the system, for processing network packets, or generally for
extending the behavior of the kernel. So helpful, in fact, that developers
working on other operating systems have been watching it. Dave Thaler and
Poorna Gaddehosur, on behalf of Microsoft,
recently
published an implementation of eBPF for Windows. A Linux feature making
its way to Windows, in itself, deserves attention. Even more so when that
feature has brought new degrees of programmability to the Linux kernel over
the last few years. This makes it especially interesting to look at what the
new project can do, and to ponder how the current ecosystem might evolve as
eBPF begins its journey toward Windows.
corbet
4 years 2 months ago
On the GitHub blog, Kevin Backhouse
writes
about a privilege escalation vulnerability in
polkit, which
"enables an unprivileged local user to get a root shell on the
system".
CVE-2021-3560
"is triggered by starting a dbus-send command but killing it while
polkit is still in the middle of processing the request. [...] Why does
killing the dbus-send command cause an authentication bypass? The
vulnerability is in step four of the sequence of events listed above. What
happens if polkit asks dbus-daemon for the UID of connection :1.96, but
connection :1.96 no longer exists? dbus-daemon handles that situation
correctly and returns an error. But it turns out that polkit does not
handle that error correctly. In fact, polkit mishandles the error in a
particularly unfortunate way: rather than rejecting the request, it treats
the request as though it came from a process with UID 0. In other words, it
immediately authorizes the request because it thinks the request has come
from a root process."
jake
4 years 2 months ago
Security updates have been issued by Debian (htmldoc, lasso, and rails), Fedora (exiv2, firefox, and microcode_ctl), openSUSE (python-HyperKitty), Oracle (389-ds-base, qemu-kvm, qt5-qtimageformats, and samba), Red Hat (container-tools:3.0, container-tools:rhel8, postgresql:12, and postgresql:13), Scientific Linux (389-ds-base, hivex, libwebp, qemu-kvm, qt5-qtimageformats, samba, and thunderbird), SUSE (caribou, djvulibre, firefox, gstreamer-plugins-bad, kernel, libopenmpt, libxml2, python-Pillow, qemu, spice, spice-gtk, and ucode-intel), and Ubuntu (rpcbind).
jake
4 years 2 months ago
The LWN.net Weekly Edition for June 10, 2021 is available.
corbet
4 years 2 months ago
Annotations in Python came late to the party; they were introduced in
Python 3 as a way to attach information to functions describing their arguments and
return values. While that mechanism had obvious applications for adding
type information to Python functions, standardized interpretations for the
annotations came later with
type hints.
But evaluating the annotations at function-definition time caused some
difficulties, especially with respect to forward references to type names,
so a Python Enhancement Proposal (PEP) was created to postpone their
evaluation until they were needed. The PEP-described behavior was set to
become the default in the upcoming Python 3.10 release, but that is
not to be; the postponement of evaluation by default has itself been postponed in the
hopes of unwinding things.
jake
4 years 2 months ago
Security updates have been issued by Debian (eterm, mrxvt, and rxvt), Mageia (cgal, curl, exiv2, polkit, squid, thunderbird, and upx), openSUSE (firefox and libX11), Oracle (libwebp, nginx:1.18, and thunderbird), Red Hat (.NET 5.0, .NET Core 3.1, 389-ds-base, dhcp, gupnp, hivex, kernel, kernel-rt, libldb, libwebp, microcode_ctl, nettle, postgresql:10, postgresql:9.6, qemu-kvm, qt5-qtimageformats, rh-dotnet50-dotnet, and samba), SUSE (apache2-mod_auth_openidc, firefox, gstreamer-plugins-bad, kernel, libX11, pam_radius, qemu, runc, spice, and spice-gtk), and Ubuntu (intel-microcode and rpcbind).
ris
4 years 2 months ago
As movement toward memory-safe languages, and
Rust in particular, continues to
grow, it is worth looking at
one of the larger scale efforts to port C code that has existed for decades
to Rust. The
uutils project aims to
rewrite all of the individual utilities included in the
GNU Coreutils project in
Rust. Originally created by Jordi
Boggiano in 2013, the project aims to provide drop-in
replacements for the Coreutils programs, adding
the data-race protection and memory safety that Rust provides.
jake
4 years 2 months ago
Security updates have been issued by Debian (nginx), Fedora (musl), Mageia (dnsmasq, firefox, graphviz, libebml, libpano13, librsvg, libxml2, lz4, mpv, tar, and vlc), openSUSE (csync2, python-py, and snakeyaml), Oracle (qemu), Red Hat (container-tools:2.0, kernel, kpatch-patch, nettle, nginx:1.16, and rh-nginx116-nginx), Slackware (httpd and polkit), SUSE (389-ds, gstreamer-plugins-bad, shim, and snakeyaml), and Ubuntu (gnome-autoar and isc-dhcp).
ris
4 years 2 months ago
The realtime project has been the source of many of the
innovations that have found their way into the core kernel in the last
fifteen years or so. There is more to it than that, though; the wider realtime
community is also doing
interesting work in a number of areas that go beyond ensuring deterministic
response. One example is Daniel Bristot de Oliveira's
runtime
verification patch set, which can monitor the kernel to ensure that it
is behaving the way one thinks it should.
corbet
4 years 2 months ago
Security updates have been issued by Debian (libwebp, python-django, ruby-nokogiri, and thunderbird), Fedora (dhcp, polkit, transfig, and wireshark), openSUSE (chromium, inn, kernel, redis, and umoci), Oracle (pki-core:10.6), Red Hat (libwebp, nginx:1.18, rh-nginx118-nginx, and thunderbird), SUSE (gstreamer-plugins-bad), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle).
ris
4 years 2 months ago
The
5.13-rc5 kernel prepatch is out for
testing. "Hmm. Things haven't really started to calm down very much yet, but rc5
seems to be fairly average in size. I'm hoping things will start
shrinking now."
corbet
4 years 2 months ago
Back in a distant time — longer ago than he cares to admit — your editor
managed a system-administration group. At that time, most of the day-to-day
pain reliably came from two types of devices: modems and printers. Modems
are more
plentiful than ever now, but they have disappeared into interface
controllers and (usually) manage to behave themselves. Printers, instead,
are still entirely capable of creating problems and forcing a
reconsideration of one's life choices.
Behind the scenes, though, the situation has been getting better but, as a
recent conversation within the Fedora project made clear, taking advantage
of those improvements will require some changes and a bit of a leap of faith.
corbet
4 years 2 months ago
There is a new release of CentOS Linux 8.
"Effectively immediately, this is the current release for CentOS
Linux 8 and is tagged as 2105, derived from Red Hat Enterprise Linux 8.4
Source Code." See
the
release notes for the changes in this release.
corbet
4 years 2 months ago
Security updates have been issued by Debian (lasso), Fedora (mingw-djvulibre, mingw-exiv2, python-lxml, and singularity), openSUSE (ceph, dhcp, inn, nginx, opera, polkit, upx, and xstream), Oracle (firefox, perl, and polkit), Scientific Linux (firefox), SUSE (avahi, csync2, djvulibre, libwebp, polkit, python-py, slurm, slurm_18_08, thunderbird, and umoci), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-oem-5.10, and squid, squid3).
jake