This Week In Security: WebP, Cavium, Gitlab, And Asahi Lina

Last week we covered the latest 0-day from NSO Group, BLASTPASS. There are more details about exactly how it works, and a worrying revelation for Android users. One of the vulnerabilities used was CVE-2023-41064, a buffer overflow in Apple's ImageIO library. The details have not been confirmed, but the timing suggests that it is the same bug as CVE-2023-4863, a WebP 0-day in Chrome that is known to be exploited in the wild.

The problem is an out-of-bounds write in the BuildHuffmanTable() function of libwebp. To understand that, we have to understand what libwebp does, and what a Huffman table has to do with it. The first is easy: WebP is Google's image format, intended to replace JPEG, PNG, and GIF. It supports lossy and lossless compression, and the lossless format uses Huffman coding among other techniques. Hence the Huffman table, a building block of both compression and decompression.

What makes this compression technique particularly interesting is that the image carries not just the Huffman-compressed data, but also the code-length tables (the statistics, in effect) needed to rebuild the Huffman codes for decompression. Those tables are rather large, so they get Huffman compressed too. There can be multiple layers of this, which makes the vulnerability particularly challenging to reverse-engineer. The bug is triggered when the pre-allocated buffer isn't big enough to hold one of the decompressed Huffman tables, and the way to get there is to make the outer layers produce maximum-size tables and then malform the last one. In that configuration the decoder writes out of bounds before the final consistency check catches the malformed table.
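To make the "check after write" problem concrete, here is an added example (not libwebp's code, and not the actual patch) of a two-level Huffman decode table builder, the root-table-plus-second-level-tables shape libwebp uses, written so that the completeness check (Kraft sum) and the exact size computation both happen before any entry is written. All function and type names are this example's own, and codes are handled MSB-first for readability, which does not change the sizing logic:

```c
#include <stdint.h>
#include <string.h>

/* Added example (not libwebp code): a two-level canonical Huffman decode table,
 * root table plus per-prefix second-level tables, that validates the code
 * lengths and computes the exact table size BEFORE writing any entry. */
enum { MAX_CODE_LENGTH = 15, MAX_SYMBOLS = 256, MAX_ROOT_BITS = 8 };

typedef struct {
    uint8_t bits;   /* leaf: code length; link: extra bits to read; 0: empty */
    uint8_t link;   /* 1 when 'value' is the offset of a second-level table */
    uint16_t value; /* symbol, or second-level table offset */
} HuffEntry;

/* Canonical code assignment. Returns 0 only for a complete code (Kraft sum exactly 1);
 * over-subscribed or incomplete lengths return -1: a malformed stream, reject it here. */
static int assign_canonical_codes(const uint8_t *lengths, int n, uint16_t *codes)
{
    int count[MAX_CODE_LENGTH + 1] = {0};
    uint32_t next_code[MAX_CODE_LENGTH + 1] = {0}, kraft = 0;
    for (int i = 0; i < n; i++) {
        if (lengths[i] > MAX_CODE_LENGTH) return -1;
        if (lengths[i]) count[lengths[i]]++;
    }
    for (int len = 1; len <= MAX_CODE_LENGTH; len++) {
        kraft += (uint32_t)count[len] << (MAX_CODE_LENGTH - len);
        next_code[len] = (next_code[len - 1] + count[len - 1]) << 1;
    }
    if (kraft != 1u << MAX_CODE_LENGTH) return -1;
    for (int i = 0; i < n; i++)
        if (lengths[i]) codes[i] = (uint16_t)next_code[lengths[i]]++;
    return 0;
}

/* Layout plan: total entries needed, or -1. deepest[p] = longest code under root prefix p. */
static int plan_table(const uint8_t *lengths, int n, int root_bits,
                      uint16_t *codes, uint8_t *deepest)
{
    if (n <= 0 || n > MAX_SYMBOLS || root_bits < 1 || root_bits > MAX_ROOT_BITS) return -1;
    if (assign_canonical_codes(lengths, n, codes) != 0) return -1;
    memset(deepest, 0, 1u << root_bits);
    int total = 1 << root_bits;
    for (int i = 0; i < n; i++)
        if (lengths[i] > root_bits) {
            int p = codes[i] >> (lengths[i] - root_bits);
            if (lengths[i] > deepest[p]) deepest[p] = lengths[i];
        }
    for (int p = 0; p < (1 << root_bits); p++)
        if (deepest[p]) total += 1 << (deepest[p] - root_bits);
    return total;
}

/* Entries the table would need, computed without writing anything. */
int huffman_table_size(const uint8_t *lengths, int n, int root_bits)
{
    uint16_t codes[MAX_SYMBOLS]; uint8_t deepest[1 << MAX_ROOT_BITS];
    return plan_table(lengths, n, root_bits, codes, deepest);
}

/* Fills 'table'. Refuses, writing nothing, when the code is malformed or the
 * planned size exceeds 'capacity'. Returns entries used, or -1. */
int build_two_level_table(const uint8_t *lengths, int n, int root_bits,
                          HuffEntry *table, int capacity)
{
    uint16_t codes[MAX_SYMBOLS], sub_off[1 << MAX_ROOT_BITS];
    uint8_t deepest[1 << MAX_ROOT_BITS];
    int total = plan_table(lengths, n, root_bits, codes, deepest), next = 1 << root_bits;
    if (total < 0 || total > capacity) return -1;
    memset(table, 0, (size_t)total * sizeof *table);
    for (int p = 0; p < (1 << root_bits); p++) {   /* root slots that link onward */
        if (!deepest[p]) continue;
        sub_off[p] = (uint16_t)next;
        table[p].bits = (uint8_t)(deepest[p] - root_bits);
        table[p].link = 1;
        table[p].value = (uint16_t)next;
        next += 1 << (deepest[p] - root_bits);
    }
    for (int i = 0; i < n; i++) {
        int len = lengths[i], extra = len - root_bits;
        HuffEntry e = { (uint8_t)len, 0, (uint16_t)i };
        if (!len) continue;
        if (extra <= 0) {                 /* short code: replicate over unused low bits */
            for (int k = 0; k < (1 << -extra); k++) table[(codes[i] << -extra) | k] = e;
        } else {                          /* long code: place inside its prefix's sub-table */
            int p = codes[i] >> extra, pad = deepest[p] - root_bits - extra;
            int rem = codes[i] & ((1 << extra) - 1);
            for (int k = 0; k < (1 << pad); k++) table[sub_off[p] + ((rem << pad) | k)] = e;
        }
    }
    return total;
}

/* Decodes one symbol from the top bits of 'bits' (MSB-first); *used = code length. */
int decode_symbol(const HuffEntry *table, int root_bits, uint32_t bits, int *used)
{
    HuffEntry e = table[bits >> (32 - root_bits)];
    if (e.link) e = table[e.value + ((bits << root_bits) >> (32 - e.bits))];
    *used = e.bits;
    return e.value;
}
```

The point to take from it is that the table size is entirely a function of attacker-supplied code lengths: with constructed lengths {1,2,3,3} and a 2-bit root the table needs 6 entries, while a 16-symbol code with lengths running up to 14 needs 320 entries under an 8-bit root and 4100 under a 2-bit root. A decoder that sizes a fixed buffer for the "expected" maximum, fills it, and only then checks that the code was well formed has exactly the ordering problem described above; here an over-subscribed code such as {1,1,1} or an incomplete one such as {1,2} is refused before the first write, and so is a valid code that would not fit the caller's buffer.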

An interesting note: as one of Google's C libraries, this is an extensively fuzzed codebase. Fuzzing and code coverage are both great, but neither guarantees finding vulnerabilities, particularly well-hidden ones like this one. And on that note, this vulnerability is present in Android, and the fix is likely going to wait until the October security update. Who knows where else this bug is lurking.

A colorful diagram representing the inner structure of the Linux kernel.

Find That Obscure Function With This Interactive Map Of The Linux Kernel

Linux has become one of the most widely used operating systems on the servers that run large websites, and hopefully, one day, it will be big on the desktop too. Some of you may know how Linux as an operating system is structured, but have you ever wondered how the kernel itself is structured? Maybe you'll find this colorful interactive map of the Linux kernel by [Costa Shulyupin] useful.

The interactive map depicts the major levels of abstraction and functionality, dotted with over 400 prominent functions from the Linux kernel, each linked to a cross-reference site so you can see its definition and usages. It divides the kernel into 7 rows and 7 columns of domains, with well-known terms like security and debugging alongside more obscure ones like block devices and address families. These are links too, this time to the definition of the term in question. Finally, there are arrows flying everywhere, showing the relationships between the many functions in the kernel.

Grannophone Helps You Stay In Touch

Whether it’s distance, pandemics, or both that separate you from your elderly loved ones, what’s the best idea for communicating with them so they don’t suffer from loneliness on top of issues like dementia? We’d say it’s probably something like [Stefan Baur]’s Grannophone.

Back in late 2020, a Twitter user named [Nitek] asked the Internet what could be done in the way of a grandma-friendly video-conferencing solution, provided Grandma has a TV and a broadband internet connection. At first, [Stefan] was like, just get her an old iPad and FaceTime with her. But the question got him thinking. And prototyping.

Grannophones are essentially Linux machines running a video-capable SIP client, connected over a VPN for privacy. In simple mode, picking up the handset of one Grannophone calls the other, but more complicated configurations are possible. We particularly like that replacing the handset automatically covers the camera. That's a nice touch.

At this point, the Grannophone is a work in progress. The idea is that they be extremely easy to build at the kitchen table, like on the order of disposable Swedish furniture. If you can contribute to the project, please do. Be sure to check out the demonstration video after the break.

On the other hand, if Granny is 1337, you could always video-conference in terminal.


Linux Fu: Build A Better Ls

Ask someone to name all the things they can find in a room. Only a few will mention air. Ask a Linux command line user about the programs they use and they may well forget to mention ls. Like air, it is seemingly invisible because it is so ever-present. But is it the best it can be? Sure, you can use environment variables and aliases to make it work a little nicer, but, in fact, it is much the same ls we have used for decades. There have always been efforts to make better ls programs, though. One of them, exa, was recently deprecated in favor of one of its forks, eza.

One thing we liked about eza is that it is a single file. No strange installation. No multiple files to coordinate. Put it on your path, and you are done. So installation is easy, but why should you install it?


WiFi, PWM Backlight, And Graphics On Updated Chumby Kernel

For some, the Chumby was a peek at what could have been. That vision never died for [Doug Brown], and he has been working tirelessly on bringing mainline Linux kernel support to the customizable smart display. He has posted several updates but recently got graphics and the PWM backlight working.

Of course, we covered when [Doug] first started working on the new kernel, so it's high time we revisited the progress. The WiFi hardware uses a Marvell 88W8686 chipset, which talks over the SDIO bus, so it's a matter of convincing the libertas driver to talk to it. With a USB to Ethernet adapter, [Doug] could boot new kernels over NFS, so he didn't have to walk over and swap the SD card. After dealing with an unhandled fault when trying to read the SDHCI_HOST_VERSION register, [Doug] had access points showing up in NetworkManager but could not connect. As a nasty hack, he temporarily removed the interrupts and switched the driver to polling. While that worked, it would never get upstreamed. A critical interrupt was being dropped, and commands went out of sequence. A second, perhaps uglier, hack read a register after acknowledging an SDIO interrupt, which seemed to work. But it was still a hack, and [Doug] wanted something cleaner. In a stroke of luck, he found the chip's errata online and noticed that it mentioned an interrupt could be missed when a signal was asserted. After following the documented workaround, with a lot of head-scratching and deep diving, he had a fully working WiFi driver.

Graphics were a more straightforward endeavor compared to WiFi. He enabled the simpledrm driver (similar to simplefb, but using the Direct Rendering Manager). By adding the frame buffer to the device tree with the correct compatible string, registers, and data, he had a working panel that could run Qt apps. However, there was a Vivante GC300 graphics accelerator onboard that he wanted to use. A driver for Vivante GPUs already exists in the kernel, but after enabling it, the driver detects the GC300 and then starts complaining. He discovered that older revisions of the GC300 (like the ones found in Chumbys) map registers at different addresses and don't set some bits in their idle registers. Of course, just loading a GPU driver isn't quite enough. He modified an X11 server that supported Vivante accelerators to support the GC300.

For hacking purposes, [Doug] simply set the backlight GPIO high. While easy to see, that is perhaps not the best for a device meant to blend in. The PXA166 comes with PWM hardware, though confusingly, it has two PWM modes for pin 84. PWM1 and PWM2 share some common clock and reset bits in a decidedly undocumented way, and PWM2 doesn't work until you configure and then turn off PWM1. However, the backlight turned off once out of U-Boot and into Linux. Linux re-initialized the hardware too quickly, causing the device to freak out. This was solved using the abrupt shutdown register.

It’s a journey through debugging, Linux internals, and device tree hackery. Perhaps the most incredible thing is that these changes are submitted for upstreaming to the Linux kernel, with many landing in Linux 6.2. While it’s a shame new Chumbys aren’t being made, making your own smart display has never been easier.

Linux On A Commodore 64

We are used to seeing Linux running on almost everything, but we were a bit taken aback to see [semu-c64] running Linux on a Commodore 64. But between the checked-out user name and the caveat that: “it runs extremely slowly and it needs a RAM Expansion Unit”, one can already start piecing together what’s happening here.

The machine running Linux is really a 32-bit RISC-V system. It just so happens that the CPU is virtual, with the C64 pretending to be a bigger machine. The boot-up appears to take hours, so this is in no way practical, even though the author comments that optimization might get a 10X speed-up. It would still be about as slow as you can imagine.

To further add a layer of abstraction, the code hasn’t run yet on real Commodore hardware. Instead, it is running on an emulator. The emulator has “warp” mode to run faster than a real machine, and it is still slow. So think about that before you rush out to volunteer to boot this on your real hardware.

Tricks like this fall into the talking dog category. If a dog can talk, it isn’t that you think it will have something important to say. You just marvel that it can do it at all. Still, we get it. We spend a lot of time doing things at least as pointless. But at least it is fun!

Maybe emulate the whole thing in VR? Or maybe write some virtualization code for the C64 so you can emulate a Linux box and a quantum computer simultaneously.

Linux Fu: The Old School Terminal

Maybe you have a vintage old-school computer. Maybe you have a replica. Maybe you just want to run SIMH and relive the glory days of CP/M or VMS. The problem is, it looks kind of silly to have CP/M running in your beautiful X11 terminal window full of 3D animations, opacity effects, and special fonts. You could buy an old CRT monitor. That would be cool, too, because on a modern screen you don't get scan lines and all the crummy artifacts that go along with an electron beam and phosphor display. Or you can grab cool-retro-term.

Star Trek on CP/M

Even if you don’t have an old computer, the program will work fine to simply run your shell for everyday use. Confound the youngsters when they see your terminal with scan lines and CRT jitter updating the latest packages.

What Is It?

If you want a shell in a GUI, you used to use xterm, although most people use something more modern. I use Konsole, but some like RXVT or whatever terminal your distro favors. Cool-retro-term is just a replacement for this. By default, it only opens a shell prompt.
