Major Bug Grants Root For All Major Linux Distributions

One of the major reasons behind choosing Linux as an operating system is that it’s much more secure than Windows. There are plenty of reasons for this, including appropriate user permissions, installing software from trusted sources and, of course, the fact that most software for Linux, including the Linux kernel itself, is open source, which allows anyone to review the code for vulnerabilities. This doesn’t mean that Linux is perfectly secure though, as researchers recently found a major bug in most major Linux distributions that allows anyone to run code as the root user.

The exploit is a memory corruption vulnerability in Polkit, a framework that handles the privilege level of various system processes. It specifically impacts the program pkexec. With the proof-of-concept exploit (file download warning) in hand, all an attacker needs to do to escalate themselves to root is to compile the program on the computer and run it as the default user. An example is shown by [Jim MacDonald] on Twitter for those not willing to try this on their own machines.

As bad as this sounds, it seems as though all of the major distributions that this impacts have already released updates that patch the issue, including Debian, Ubuntu, Red Hat, Fedora, openSUSE, and Arch. There is also a temporary workaround that removes read/write permission from the pkexec program so it can’t run at all. That being said, it might be best to check that your Linux systems are all up-to-date and that no strangers have been typing random commands into the terminal recently.

Linux Fu: Don’t Share Well With Others

In kindergarten, you learn that you should share. But for computer security, sharing is often a bad thing. The Linux kernel introduced the concept of namespaces starting with version 2.6.24. That was a few years ago, but namespaces are not used by many even though the tools exist to manipulate them. Granted, you don’t always need namespaces, but it is one of those things that when you do need it, the capability is priceless. In a nutshell, namespaces let you give a process its own private resources and, more importantly, prevent a process from seeing resources in other namespaces.

Turns out, you use namespaces all the time because every process you run lives in some set of namespaces. I say set, because there are a number of namespaces for different resources. For example, you can set a different network namespace to give a process its own set of networking items including routing tables, firewall rules, and everything else network-related.

So let’s have a look at how Linux doesn’t share names.


Linux For The Paranoid Does The Work For You

We all know that our activity on the Internet is not that hard to track. It just annoys some people more than others. If you are really hardcore, you’ll learn all the ins and outs of networking to help cover your tracks, but what if you don’t want to invest that kind of time? Maybe, as [TechRepublic] suggests, try Kodachi Linux.

You could, of course, start with your own live image. Then when you boot, you could take the following steps:

  • Randomize your MAC Address
  • Establish a TOR connection through a VPN
  • Route all internet traffic through TOR and use DNS encryption
  • Set up a scheduled task to scramble your MAC address periodically

But that’s what Kodachi does without any real effort on your part.

The distribution is based on Ubuntu, so all the familiar tools are there. There are also a few security and privacy tools included like KeePass, Tox, OnionShare, i2p, and more. The desktop shows a summary of secure network information.

Do you need Kodachi? Probably not, if you are a Linux guru. Plus, most people aren’t doing anything that’s that interesting. But if you want to protect your privacy or you are up to something, give Kodachi a try. Then again, if you are that paranoid, maybe that’s just what THEY want you to do. Make your own decisions. You can also check out the video review from [eBuzz Central] below.

Looking for more conventional Linux? Why not Rocky Linux? If you just want a VPN, you can always just use ssh.


PinePhone Malware Surprises Users, Raises Questions

On December 5th, someone by the IRC nickname of [ubuntu] joined the Pine64 Discord’s #pinephone channel through an IRC bridge. In the spirit of December gift-giving traditions, they have presented their fellow PinePhone users with an offering – a “Snake” game. What [ubuntu] supposedly designed had the potential to become a stock, out-of-the-box-installed application with a small but dedicated community of fans, modders and speedrunners.

Unfortunately, that would not be the alternate universe we live in, and all was not well with the package being shared along with a cheerful “hei gaiz I make snake gaem here is link www2-pinephnoe-games-com-tz replace dash with dot kthxbai” announcement. Shockingly, it was a trojan! Beneath layers of Base64 and Bashfuscator we’d encounter shell code that could be in the “example usage” section of a modern-day thesaurus entry for the word “yeet”.


Linux Fu: The Ultimate Dual Boot Laptop?

I must confess that I try not to run Windows any more than absolutely necessary. But for many reasons, it is occasionally necessary. In particular, I have had several laptops that are finicky with Linux. I still usually dual boot them, but I often leave Windows on them for one reason or another. I recently bought a new Dell Inspiron and the process of dual booting it turned out to be unusually effective but did bring up a few challenges.

If you ever wanted a proper dual-booting laptop, you’ll be interested in how this setup works. Sure, you can always repartition the drive, but the laptop has a relatively small drive and is set up very specifically to work with the BIOS diagnostics and recovery so it is always a pain to redo the drive without upsetting the factory tools.

Since the laptop came with a 512 GB NVMe drive, I wanted to upgrade the drive anyway. So one option would have been to put a bigger drive in and then go the normal route. That was actually my intention, but I wound up going a different way.


HPi95LX Puts Linux In Your Palm

A few decades ago, palmtop computers were mostly based on MS-DOS, and while many users tried to mimic the UNIX experience, the results were mixed. Fast forward to the present and business-card-sized Linux computer modules abound. Canadian tinkerer [Rune Kyndal] decided to make his own Linux palmtop by sacrificing an old HP-95LX and replacing the guts with a Raspberry Pi Zero and a color LCD screen. We’re impressed with the rich set of features he has crammed into the limited volume of the case:

  • Raspberry Pi Zero W
  • Color LCD, 4.3 inch, 800×480 w/Backlight
  • Capacitive touch screen (not connected yet)
  • Stereo speakers + microphone
  • Ethernet 10/100
  • USB 2.0, 2 each
  • RS-232, DE-9 connector
  • microSD card
  • HDMI
  • IR dataport
  • Webcam (TBD)
  • LiPo Battery w/Charger

One problem that any palmtop faces is how to make a usable keyboard, and HP had one of the better designs. The keys are the same famous style as used in HP calculators. And while no human with normal hands could touch-type on it, the keyboard’s layout and tactile feel was well-suited to “thumb typing”. [Rune] made a good decision by keeping the original keyboard.

While fully functional, this is more of a proof of concept than a polished project. [Rune] primarily used bits and pieces that he had lying around. [Rune] says if he did it again, he would replace all the hot-glued accessory parts with a custom PCB, which is probably good advice. If you want to make your own, check out the project comments for some suggestions.


The Calculator Charm: Calculatorium Leviosa!

Have you ever tried waving your hand around like a magic wand and summoning a calculator? We would guess not since you’d probably look a little silly doing so. That is unless you had [Andrei’s] cool gesture-controlled calculator. [Andrei] thought it would be helpful to use a calculator in his research lab without having to take his gloves off and the results are pretty cool.

His hardware consists of a PocketBeagle, an OLED, and an MPU6050 inertial measurement unit for capturing his hand motions using an accelerometer and gyroscope. The hardware is pretty straightforward, so the beauty of this project lies in its machine learning implementation.

[Andrei] first captured a few example datasets to train his algorithm by recreating the hand gestures for each number, 0-9, and recording the resulting accelerometer and gyroscope outputs. He processed the data first with a wavelet transform. The intent of the transform was two-fold. First, the transform allowed him to reduce the number of samples in his datasets while preserving the shape of the accelerometer and gyroscope signals, the key features in the machine learning classification. Second, he was able to increase the number of features for the classification, since the wavelet transform resulted in both approximation and detail coefficients, which can both be fed into the algorithm.

Because he had a small dataset, he used the Stratified Shuffle Split technique instead of the train/test split method, which is generally more suited for larger datasets. The Stratified Shuffle Split ensured approximately the same number of train and test samples for each gesture. He was also very conscious of optimizing his model for running on a portable processing unit like the PocketBeagle. He spent some time optimizing the parameters of his algorithm and ultimately converted his model to a TensorFlow Lite model using the built-in “TFLiteConverter” function within TensorFlow.

Finally, in true open-source fashion, all his code is available on GitHub, so feel free to give it a go yourself. Calculatorium Leviosa!
