Linus Torvalds opts for the scream test: Linux kernel syscall tweaked to shut data-leak hole – anyone upset, yell now

And he did it without swearing... folks with broken programs may act otherwise


The Linux kernel will be tweaked to mitigate data-stealing attacks that exploit system page caches.

As we revealed first over the weekend, a group of experts – including some of the researchers who discovered the Spectre family of chip flaws – worked out how to get operating system page caches to leak information from one application to another. Among other things, a successful exploit would allow malware or rogue logged-in users to swipe sensitive data from application sandboxes that they should not otherwise be able to access.

For Linux environments, the issue has been assigned CVE-2019-5489. That bug database entry notes that remote attacks are possible, for example, by exploiting latency in accessing files via an Apache web server to potentially sniff private data.

The Windows kernel was also vulnerable, and updated for Insider testers ahead of the paper's public reveal on Monday, with the patch due for a formal rollout. Now the Linux kernel has followed suit with this fix to the mincore syscall, which should trickle into distros once it's undergone testing.


Publishing the patch, kernel chieftain Linus Torvalds wrote that mincore's traditional semantic “exposes a lot of system cache state that it really probably shouldn't, and that users shouldn't really even care about.”

That made fixing the issue relatively straightforward, he added: “So let's try to avoid that information leak by simply changing the semantics to be that mincore() counts actual mapped pages, not pages that might be cheaply mapped if they were faulted.”
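The difference Torvalds describes can be seen with a short C program, added here as an illustration and not taken from the kernel patch or from this article: it writes a scratch file so its pages sit in the page cache, maps the file, and asks mincore() how many pages are "in core" before and after the process touches them. The scratch path, NPAGES and the function names are assumptions of the example.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

#define NPAGES 16 /* constructed size of the scratch file, in pages */

/* Count the pages in [addr, addr+len) that mincore() reports as "in core". */
static int resident_pages(void *addr, size_t len)
{
    unsigned char vec[NPAGES];
    int count = 0;
    if (mincore(addr, len, vec) != 0)
        return -1;
    for (int i = 0; i < NPAGES; i++)
        count += vec[i] & 1; /* only the low bit of each entry is defined */
    return count;
}

/* Populate the page cache by writing a scratch file, map it afresh, and
 * query mincore() before and after this process faults the pages in. */
static int probe(int *before, int *after)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE), len = NPAGES * pagesz;
    char path[] = "/tmp/mincore-demo-XXXXXX"; /* hypothetical scratch path */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }
    for (size_t i = 0; i < NPAGES; i++) /* one byte per page is enough */
        if (pwrite(fd, "x", 1, (off_t)(i * pagesz)) != 1) { close(fd); return -1; }
    unsigned char *p = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    if (p == MAP_FAILED)
        return -1;
    *before = resident_pages(p, len); /* cached, but not yet mapped here */
    for (size_t i = 0; i < NPAGES; i++)
        (void)*(volatile unsigned char *)(p + i * pagesz); /* fault page in */
    *after = resident_pages(p, len);  /* every page is now mapped */
    munmap(p, len);
    return (*before < 0 || *after < 0) ? -1 : 0;
}

int main(void)
{
    int before, after;
    if (probe(&before, &after) != 0) { perror("probe"); return 1; }
    printf("in core before touch: %d/%d, after: %d/%d\n", before, NPAGES, after, NPAGES);
    return 0;
}
```

With the traditional semantics the first count already includes the cached pages; with the semantics quoted above it covers only pages this process has faulted in, so it starts at zero.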

As is often the case in software projects, something complex that's just working can remain untouched for a very long time, lest someone break it. And such is the case for this syscall. Torvalds noted that mincore semantics were ill-defined from the beginning, though, with a code comment from 2000 stating “later we can get more picky about what 'in core' means precisely.”

Torvalds said the patch shouldn't have any downstream effects. While the update is “a real semantic change,” he hoped that nobody has “any workflow that cares.” If fixing mincore breaks someone's software, Torvalds said, it may be necessary to revisit the code. That, to us, sounds like a real-life scream test. ®
