The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Linux kernel development

Google Adds Control-Flow Integrity to Beef up Android Kernel Security

Google Adds Control-Flow Integrity to Beef up Android Kernel Security

October 12, 2018Mohit Kumar
Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities. In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored in memory and repurpose existing code in a way that directs control flow of their choice, resulting in a malicious action. Since Android has a lot of mitigation to prevent direct code injection into its kernel, this code reuse method is particularly popular among hackers to gain code execution with the kernel because of the huge number of function pointers it uses. In an attempt to prevent this attack, Google has now added support for LLVM's Control Flow Integrity (CFI) to Android's kernel as a measure for detecting unusual behaviors of attackers trying to interfere or modify the contr
Linus Torvalds Apologizes For His Rude Behavior—Takes Time Off

Linus Torvalds Apologizes For His Rude Behavior—Takes Time Off

September 18, 2018Wang Wei
What just happened would definitely gonna surprise you. Linus Torvalds—father of the Linux open-source operating system—finally admitted his behavior towards other developers in the Linux community was hurting people and Linux. In a surprising move this weekend, Torvalds apologized for insulting and abusing other developers for almost three decades and took a break from the open-source software to work on his behavior. In an email to the Linux Kernel Mailing List (LKML) on Sunday, Torvalds said that he was confronted by people of the Linux community this week about his lifetime of not understanding emotions, and apologized for his personal behavior that has hurt people and possibly has driven some of them away from working in kernel development altogether. Torvalds wrote, "I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely." "I am going to take
11-Year Old Linux Kernel Local Privilege Escalation Flaw Discovered

11-Year Old Linux Kernel Local Privilege Escalation Flaw Discovered

February 22, 2017Swati Khandelwal
Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu. Over a decade old Linux Kernel bug ( CVE-2017-6074 ) has been discovered by security researcher Andrey Konovalov in the DCCP (Datagram Congestion Control Protocol) implementation using Syzkaller , a kernel fuzzing tool released by Google. The vulnerability is a use-after-free flaw in the way the Linux kernel's "DCCP protocol implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket." The DCCP double-free vulnerability could allow a local unprivileged user to alter the Linux kernel memory, enabling them to cause a denial of service ( system crash ) or escalate privileges to gain administrative access on a system. "An attacker can control what object that would be and overwrite
How to Run Linux Kernel on Canon DSLRs Cameras

How to Run Linux Kernel on Canon DSLRs Cameras

April 07, 2015Swati Khandelwal
Last month, I Got a Canon's amazing and powerful video-capable DSLR Camera and was wondering if I could play a hack on it. Yes, Just like last time I installed and run Linux on my PlayStation 3 gaming console and the popular game console, the Nintendo Wii . What If I could port Linux Kernel to my DSLR Camera ?? Well, it's now possible for you to port Linux to your Canon DSLR cameras, thanks to the fine folks behind the well-known third-party software add-on, Magic Lantern . The developers of Magic Lantern have provided some incredible features to DSLR video world for free, with an open-source firmware add-on called Magic Lantern. Magic Lantern is actually an enhancement that works on top of Canon's DSLR firmware to provide professional video features that were lacking in the early video-capable Canon DSLR, including better control over audio, helpful exposure, programmable focus, audio tools and more. However, the latest work by the Magic Lantern team sounds much more e
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.