[$] Smart pointers for the kernel
Rust has a plethora of smart-pointer types, including
reference-counted pointers, which have special support in the compiler to make
them easier to use. The Rust-for-Linux project would like to reap those same
benefits for its smart pointers, which need to be written by hand to conform to
the Linux kernel memory model. Xiangfei Ding presented at Kangrejos about the
work to enable custom smart pointers to function the same as built-in smart
pointers.
Three Friday kernel updates
The 6.11.2, 6.10.13, and 6.6.54 stable kernels have been
released.
They contain important fixes, and upgrading is, as always,
recommended.
oath-toolkit: privilege escalation in pam_oath.so (SUSE Security Team Blog)
The SUSE Security Team Blog has a detailed report on its
discovery of a privilege escalation in the oath-toolkit, which provides
libraries and utilities for managing one-time password (OTP) authentication.
Fellow SUSE engineer Fabian Vogt approached our Security Team about the
project's PAM module. A couple of years ago, the module gained a feature which
allows placing the OTP state file (called usersfile) in the home directory of
the to-be-authenticated user. Fabian noticed that the PAM module performs unsafe
file operations in users' home directories. Since PAM stacks typically run as
root, this can easily cause security issues.
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox,
golang, linux-firmware, and thunderbird), Debian (kernel and zabbix), Fedora
(firefox, pgadmin4, and php), Mageia (chromium-browser-stable, cjson, hostapd
and wpa_supplicant, and openjpeg2), Oracle (firefox, flatpak, and
go-toolset:ol8), Red Hat (cups-filters, firefox, grafana, linux-firmware, python3,
python3.11, and python3.9), SUSE (expat, firefox, libpcap, and opensc), and
Ubuntu (freeradius, imagemagick, and unzip).
[$] Coping with complex cameras
Cameras were never the simplest of devices for Linux to
support; they have a wide range of operating parameters and can generate high
rates of data.
In recent years, though, they have become increasingly
complex, stressing the ability of the kernel's media subsystem to manage them.
At the 2024 Linux Plumbers Conference, developers from that subsystem and beyond
gathered to discuss the state of affairs and how complex camera devices should
be supported in the future.