The State of Linux Security (linux-audit.com)
48 points by kungfudoi 3 hours ago | 19 comments

> Backdoor in Linux Mint (February 2016)

> Stop using MD5. If you still use SHA1, then also add the SHA256 or SHA512 hashes.

How did hash strength have anything to do with this? Unless my sources are completely out of whack, the MD5 of the backdoored ISO didn't match the official ISO. My understanding is that there is a vulnerability along these lines, but it requires the official build process to be compromised, whereas this was an edit on the Mint website to point to a malicious file on an attacker-controlled server.

Hashing strength has nothing to do with it. The real lesson is that they should have signed the hash they put on their website and actively encourage users to check it.

Interesting that the site uses TLS, but most of the servers containing the download use plain old HTTP, which, as we know, can easily be subjected to a MITM attack.

https://linuxmint.com/edition.php?id=225

Only a few of the ISOs are delivered with TLS/HTTPS, like this one:

https://mirrors.c0urier.net/linux/linuxmint/iso/stable/18.1/...

Properly signed images shouldn't need to be delivered over a secure connection. As long as you can receive a signed hash, and the signing key itself over a secure connection, you can obtain the image itself from anywhere.

True, although sometimes it's good to deliver signed updates over a secure connection for defense-in-depth - for example, to mitigate vulnerabilities like the recent CVE-2016-1252.

and the signed hash is actually checked against the image. Of course, this is the step that is missing because it's a non-mandatory manual process.
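The verification flow these two comments describe (a signature over the hash list, a pinned publisher key, and the hash actually checked against the image), as an added example in Go that is not code from the thread or from Linux Mint; it uses Ed25519 from the Go standard library in place of GPG, and the key pair, image bytes and file name are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ChecksumLine renders one sha256sum-style entry ("<hex>  <name>") for an image.
func ChecksumLine(name string, image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:]) + "  " + name + "\n"
}

// VerifyImage trusts the checksum list only after its signature verifies under the
// pinned publisher key, and only then compares the image's SHA-256 against it.
func VerifyImage(pub ed25519.PublicKey, sums, sig []byte, name string, image []byte) error {
	if !ed25519.Verify(pub, sums, sig) {
		return errors.New("checksum file signature invalid: hashes are untrusted")
	}
	want := ""
	for _, line := range strings.Split(string(sums), "\n") {
		f := strings.Fields(line) // tolerate sha256sum's "*name" binary-mode marker
		if len(f) == 2 && strings.TrimPrefix(f[1], "*") == name {
			want = f[0]
		}
	}
	if want == "" {
		return errors.New("image not listed in the signed checksum file")
	}
	got := sha256.Sum256(image)
	if hex.EncodeToString(got[:]) != want {
		return errors.New("image hash does not match the signed checksum")
	}
	return nil
}

func main() {
	// Constructed data: a fresh key pair stands in for the publisher's pinned signing key.
	pub, priv, _ := ed25519.GenerateKey(nil)
	genuine, evil := []byte("genuine image bytes"), []byte("backdoored image bytes")
	sums := []byte(ChecksumLine("example.iso", genuine))
	sig := ed25519.Sign(priv, sums)
	fmt.Println("genuine:", VerifyImage(pub, sums, sig, "example.iso", genuine))
	fmt.Println("image swapped:", VerifyImage(pub, sums, sig, "example.iso", evil))
	fmt.Println("image and unsigned sums swapped:", VerifyImage(pub, []byte(ChecksumLine("example.iso", evil)), sig, "example.iso", evil))
}
```

Only the signature step covers the case the thread describes: someone who controls the download page can replace both the image and the hash list, but cannot produce a valid signature over the new list without the publisher's key.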

Serving the images directly over HTTPS would provide more security for every end user that is not manually checking signing hashes.

The edit to the site was due to the whole thing being Wordpress. I know that Wordpress is decently flexible, "good enough" or even comfortable for many users, even technical ones, but my thought is: why not have the site be statically hosted instead? Or at least the primary informational pages.

Linux will always be insecure. There's no fixing millions of lines of code running in supervisor mode.

What will happen instead is that the world will move on to a microkernel-based OS.

Wait, Linux did not have stack guard pages and r-x code pages until 4.9?

The PaX/grsecurity fork has probably had it for some time, but not the mainline tree (i.e. "torvalds" Linux).

Linux doesn't power the smallest devices in the world. It's about two orders of magnitude too large out at the low end.

Would it be fair to say that, by and large, it powers the smallest general-purpose computers?

Out of interest, what does?

The almost-smallest devices are powered by LoopOS(tm):

  while(1){ }

On the really low end, hardware is often single-purpose and you don't really need an operating system. When there is an operating system (maybe you have to listen to messages from something while performing a previously requested activity), a small hard real-time scheduling library gets used as an "operating system".

Just random RTOSes? It's been a while since I've worked on tiny 8-bit MCUs, but all the stuff was really small and seemingly hand-rolled, nothing as monolithic as Linux.

I would not be surprised to learn that it varies from company to company and chip to chip, with various bits being shared for common logic.

There are all kinds of micro-everything circulating out there, from timing and IO drivers to entire network stacks.

As foofoo said, they often don't use OSes so much as libraries and loops. There are OSes that have been out there for a while for the tiniest devices. Contiki is probably a nice intro to the different tradeoffs they make in design and features:

http://www.contiki-os.org/

On more serious MCUs, you might see things like VxWorks or QNX:

https://en.wikipedia.org/wiki/VxWorks

https://en.wikipedia.org/wiki/QNX

As hardware improved, we also saw trimmed down Linux like ucLinux, MontaVista Linux, and so on. It just went from there with increasing complexity (and reboots :).

Not a single mention of grsecurity and RAP, useless article.