Subject: The Security Circus Continues
From: Lester Thorpe
Newsgroups: comp.os.linux.advocacy, comp.os.linux.misc, alt.os.linux
Followup: comp.os.linux.advocacy
Organization: UsenetExpress - www.usenetexpress.com
Date: Wed, 18 Sep 2024 10:32 UTC

The security circus continues... (what else can it do?)

Kernel 6.11 has added yet more security garbage:

SLAB_BUCKETS

"Kernel heap attacks frequently depend on being able to create
specifically-sized allocations with user-controlled contents
that will be allocated into the same kmalloc bucket as a
target object. To avoid sharing these allocation buckets,
provide an explicitly separated set of buckets to be used for
user-controlled allocations. This may very slightly increase
memory fragmentation, though in practice it's only a handful
of extra pages since the bulk of user-controlled allocations
are relatively long-lived."

The rationale:

"many heap memory spraying/grooming attacks depend on using
userspace-controllable dynamically sized allocations to collide with
fixed size allocations that end up in same cache"

Yeah, sure.

Like who/what the fuck will ever attempt that on my personal
desktop workstation?

Just say "No." Keep your fucking security hallucinations off
of my fucking machine.

--
Systemd: solving all the problems that you never knew you had.
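
A toy model of the bucket separation quoted in the post above, added here as an illustration; it is not part of the original post and is not kernel code. Each (bucket set, size class) pair is one cache with a LIFO free list, and the `separated` flag stands in for CONFIG_SLAB_BUCKETS. All struct and function names are hypothetical, and real SLUB behaviour (per-CPU lists, randomization) is not modelled.

```c
#include <stdio.h>
#include <string.h>

/* General-purpose kmalloc size classes, in bytes. */
static const size_t size_class[] = {8, 16, 32, 64, 96, 128, 192, 256,
                                    512, 1024, 2048, 4096, 8192};
#define NCLASS ((int)(sizeof size_class / sizeof size_class[0]))
#define MAXFREE 8
enum { SET_DEFAULT, SET_USER, NSETS };  /* assumed names for the two bucket sets */

/* Toy cache: one per (bucket set, size class), with a LIFO free list of slots. */
struct cache { int free_slot[MAXFREE]; int nfree; int next_new; };
struct obj { int set, cls, slot; };
static struct cache caches[NSETS][NCLASS];

/* Smallest size class that fits n bytes, or -1 if n is too large for a bucket. */
static int class_of(size_t n) {
    for (int i = 0; i < NCLASS; i++)
        if (n <= size_class[i]) return i;
    return -1;
}

/* separated != 0 models the option: user-sized requests get their own bucket set. */
static struct obj toy_alloc(size_t n, int user_sized, int separated) {
    struct obj o = { (separated && user_sized) ? SET_USER : SET_DEFAULT, class_of(n), -1 };
    if (o.cls < 0) return o;                      /* not served from a bucket */
    struct cache *c = &caches[o.set][o.cls];
    o.slot = c->nfree ? c->free_slot[--c->nfree] : c->next_new++;
    return o;
}

static void toy_free(struct obj o) {
    if (o.cls < 0) return;
    struct cache *c = &caches[o.set][o.cls];
    if (c->nfree < MAXFREE) c->free_slot[c->nfree++] = o.slot;
}

/* 1 if a user-sized request is handed the slot a fixed-size object just vacated. */
static int user_alloc_reuses_slot(size_t fixed_size, size_t user_size, int separated) {
    memset(caches, 0, sizeof caches);
    struct obj fixed = toy_alloc(fixed_size, 0, separated);
    toy_free(fixed);
    struct obj user = toy_alloc(user_size, 1, separated);
    return fixed.cls >= 0 && user.set == fixed.set &&
           user.cls == fixed.cls && user.slot == fixed.slot;
}

int main(void) {
    printf("shared buckets:    reuse=%d\n", user_alloc_reuses_slot(96, 80, 0));
    printf("separated buckets: reuse=%d\n", user_alloc_reuses_slot(96, 80, 1));
    return 0;
}
```

With shared buckets the 80-byte user-sized request rounds up to the 96-byte class and gets the vacated slot; with separated buckets it comes from a different cache, which is the collision the quoted help text says the option removes.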

Subject: Re: The Security Circus Continues
From: bad sector
Newsgroups: comp.os.linux.advocacy
Date: Wed, 18 Sep 2024 13:00 UTC

On 9/18/24 06:32, Lester Thorpe wrote:
> The security circus continues... (what else can it do?)
>
> Kernel 6.11 has added yet more security garbage:
>
> SLAB_BUCKETS
>
> "Kernel heap attacks frequently depend on being able to create
> specifically-sized allocations with user-controlled contents
> that will be allocated into the same kmalloc bucket as a
> target object. To avoid sharing these allocation buckets,
> provide an explicitly separated set of buckets to be used for
> user-controlled allocations. This may very slightly increase
> memory fragmentation, though in practice it's only a handful
> of extra pages since the bulk of user-controlled allocations
> are relatively long-lived."
>
> The rationale:
>
> "many heap memory spraying/grooming attacks depend on using
> userspace-controllable dynamically sized allocations to collide with
> fixed size allocations that end up in same cache"
>
> Yeah, sure.
>
> Like who/what the fuck will ever attempt that on my personal
> desktop workstation?
>
> Just say "No." Keep your fucking security hallucinations off
> of my fucking machine.

I now use only one distro with systemd, the other 5 don't even have it
as an option. It's all part of "embrace & extend", reminding me of
mozilla becoming an out of control behemoth on steroids starting to rattle
and crack at the seams (which is exactly how some virii attack their
target cells making them explode). What happens when systemd by virtue
of its size and reach starts dictating kernel development (I wanna hear
10-4 or roger-that)? Curtains for Linux, that's what! You'll interdict
more risks by using a usb wifi for PHYSICAL CONTROL instead of a
built-in and software controlled card than systemd will ever catch even
in the hypothetical case of it being an honest effort. I'll permit
myself to cite a revealing tidbit from 'Paul' in another thread the
other day:

"The most scary thing in the last two weeks, was discovering Poettering
works at Microsoft now."

Subject: Re: The Security Circus Continues
From: The Natural Philosopher
Newsgroups: comp.os.linux.advocacy
Organization: A little, after lunch
Date: Wed, 18 Sep 2024 13:51 UTC

On 18/09/2024 11:32, Lester Thorpe wrote:
> The security circus continues... (what else can it do?)
>
> Kernel 6.11 has added yet more security garbage:
>
> SLAB_BUCKETS
>
> "Kernel heap attacks frequently depend on being able to create
> specifically-sized allocations with user-controlled contents
> that will be allocated into the same kmalloc bucket as a
> target object. To avoid sharing these allocation buckets,
> provide an explicitly separated set of buckets to be used for
> user-controlled allocations. This may very slightly increase
> memory fragmentation, though in practice it's only a handful
> of extra pages since the bulk of user-controlled allocations
> are relatively long-lived."
>
> The rationale:
>
> "many heap memory spraying/grooming attacks depend on using
> userspace-controllable dynamically sized allocations to collide with
> fixed size allocations that end up in same cache"
>
> Yeah, sure.
>
> Like who/what the fuck will ever attempt that on my personal
> desktop workstation?
>
> Just say "No." Keep your fucking security hallucinations off
> of my fucking machine.
>
Well yes. More relevant to those running big internet hosted web servers
with many users having limited access that they might escalate.

But it's symptomatic of modern Leftist thinking. Let's spend our time
solving unusual and interesting problems that we enjoy and can easily
solve rather than tackling the hard ones that require effort.

>
>

--
“when things get difficult you just have to lie”

― Jean-Claude Juncker

Subject: Re: The Security Circus Continues
From: Lester Thorpe
Newsgroups: comp.os.linux.advocacy
Organization: UsenetExpress - www.usenetexpress.com
Date: Wed, 18 Sep 2024 14:16 UTC

On Wed, 18 Sep 2024 14:51:10 +0100, The Natural Philosopher wrote:

>
> Well yes. More relevant to those running big internet hosted web servers
> with many users having limited access that they might escalate.
>

Of course. But regardless, every GNU/Linux distro will have this
enabled.

And by "every" I mean the Big Three, RedHat, Debian, and Arch,
from which every other distro is derived.

There is still plenty of choice in GNU/Linux land, but it is
not at all manifest.

--
Systemd: solving all the problems that you never knew you had.

Subject: Re: The Security Circus Continues
From: D
Newsgroups: comp.os.linux.advocacy
Organization: i2pn2 (i2pn.org)
Date: Wed, 18 Sep 2024 19:50 UTC

On Wed, 18 Sep 2024, Lester Thorpe wrote:

> The security circus continues... (what else can it do?)
>
> Kernel 6.11 has added yet more security garbage:
>
> SLAB_BUCKETS
>
> "Kernel heap attacks frequently depend on being able to create
> specifically-sized allocations with user-controlled contents
> that will be allocated into the same kmalloc bucket as a
> target object. To avoid sharing these allocation buckets,
> provide an explicitly separated set of buckets to be used for
> user-controlled allocations. This may very slightly increase
> memory fragmentation, though in practice it's only a handful
> of extra pages since the bulk of user-controlled allocations
> are relatively long-lived."
>
> The rationale:
>
> "many heap memory spraying/grooming attacks depend on using
> userspace-controllable dynamically sized allocations to collide with
> fixed size allocations that end up in same cache"
>
> Yeah, sure.
>
> Like who/what the fuck will ever attempt that on my personal
> desktop workstation?
>
> Just say "No." Keep your fucking security hallucinations off
> of my fucking machine.
>

You do realize that the major use case for linux is not personal desktops
but servers?

And further, you are blessed! Due to linux's nature, you can choose freely
which version of the kernel you want to run.

Subject: Re: The Security Circus Continues
From: Lester Thorpe
Newsgroups: comp.os.linux.advocacy
Organization: UsenetExpress - www.usenetexpress.com
Date: Wed, 18 Sep 2024 20:40 UTC

On Wed, 18 Sep 2024 21:50:18 +0200, D wrote:

>
> You do realize that the major use case for linux is not personal desktops
> but servers?
>

Of course I realize.

>
> And further, you are blessed! Due to linux's nature, you can choose freely
> which version of the kernel you want to run.
>

Can I choose? As I indicated earlier the Big Three distros, RedHat,
Debian, and Arch, from which all other distros are derived, will
certainly include this latest security "feature." Thus, if I use
any distro at all I really cannot choose.

Fortunately, for myself, I use a customized Gentoo and I can eliminate
all that security cruft. But the average desktop user is stranded
and helpless.

--
Systemd: solving all the problems that you never knew you had.
