LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Wednesday, March 13th, 2019

    Time Event
    2:57p
    Cook: security things in Linux v5.0
    Kees Cook reviews
    some of the security-related enhancements     in the 5.0 kernel.
    "While the C language has a statement to indicate the end of a switch
    case ('break'), it doesn’t have a statement to indicate that execution
    should fall through to the next case statement (just the lack of a 'break'
    is used to indicate it should fall through — but this is not always the
    case), and such 'implicit fall-through' may lead to bugs. Gustavo Silva has
    been the driving force behind fixing these since at least v4.14, with well
    over 300 patches on the topic alone (and over 20 missing break statements
    found and fixed as a result of the work). The goal is to be able to add
    -Wimplicit-fallthrough to the build so that the kernel will stay entirely
    free of this class of bug going forward. From roughly 2300 warnings, the
    kernel is now down to about 200. It’s also worth noting that with Stephen
    Rothwell’s help, this bug has been kept out of linux-next by him sending
    warning emails to any tree maintainers where a new instance is introduced
    (for example, here’s a bug introduced on Feb 20th and fixed on Feb
    21st    ).    "
    3:11p
    Security updates for Wednesday
    Security updates have been issued by Debian (libsndfile, systemd, waagent, and xmltooling), Fedora (guacamole-server, postgresql-jdbc, and xen), Oracle (cockpit and kernel), Red Hat (cockpit, docker, kernel-alt, and openssl), SUSE (ceph, java-1_7_0-ibm, java-1_7_1-ibm, openssl-1_0_0, python-azure-agent, python-numpy, and supportutils), and Ubuntu (kernel, php5, and walinuxagent).
    4:08p
    [$] Python dictionary "addition" and "subtraction"

    A proposal to add a new dictionary operator for Python has spawned a PEP and two large threads on the python-ideas mailing list. To a certain extent, it is starting to look a bit like the "PEP 572 mess"; there are plenty of opinions on whether the feature should be implemented and how it should be spelled, for example. As yet, there has been no formal decision made on how the new steering council will be handling PEP pronouncements, though a review of open PEPs is the council's "highest priority". This PEP will presumably be added into the process; it is likely too late to be included in Python 3.8 even if it were accepted soon, so there is plenty of time to figure it all out before 3.9 is released sometime in 2021.

    11:13p
    [$] Turris: secure open-source routers

    The Czech Republic top-level domain registrar, CZ.NIC, wondered about the safety of home routers, so it set out to gather some information on the prevalence of attacks against them. It turns out that one good way to do that is to create a home router that logs statistics and other information. Michal Hrušecký from CZ.NIC came to the 2019 Southern California Linux Expo (SCALE 17x) in Pasadena, CA to describe the experiment and how it grew into a larger project that makes and sells open-source routers.

    << Previous Day 2019/03/13
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org