LinuxSecurity’s Post

🚀 Exciting News for Linux Enthusiasts! 🐧 Fedora Linux 40 is now officially released, featuring the innovative Linux Kernel 6.8. This update brings the GNOME 46 desktop environment for Fedora Workstation and KDE Plasma 6 for Fedora KDE Spin. Key enhancements include IPv4 address conflict detection, streamlined network management, and advanced security protocols. Dive into the future with Fedora Linux 40 and explore the frontier of open-source technology! #Linux #Fedora40 #TechnologyUpdate #OpenSource https://lnkd.in/ekg-fA7t

Status update on GCC security features for the Linux kernel - Qing Zhao. Multiple security features for the Linux kernel have been added into GCC releases since GCC11, including "zero call-used registers at return" (GCC11), "stack variables auto-initialization" (GCC12), "treating flexible array members in a stricter way" (GCC13), etc. These features have been actively used by the Linux kernel to improve its security for several years. In this talk, we will focus on several most recent features in this area (in GCC14 and GCC15) First, I provide a status update on the task list including most-wanted security features for the Linux kernel from last year. The first group includes several items relating to flexible array members (FAM), such as, supporting "structures with FAM nested in other structures", supporting "FAMs in unions", and "a new attribute counted_by for FAMs". All these items are finished and committed into GCC14 and GCC15. - The second group includes items that reduce false positive warnings for -Warray-bounds. Most of the items are fixed, one item has been further discussed and agreed on. Instead of a GCC false positive, it's a real kernel bug. Kernel patch has been submitted to fix this bug. At the same time, GCC need general improvement in this area to provide more contexts information to the users when issuing warnings. The GCC work is ongoing. The third group includes several items about arithmetic overflow protection, including new unsigned overflow detection, improvement to signed integer overflow handling, etc. Some more discussion on this area, not too much real progress. CLANG has made bigger progress in this area, GCC might need catch up. The last group is kernel control flow integrity (KCFI), which is a big but important security feature, wanted badly by the Linux kernel. More discussion but no real progress yet. Then, More details are given on multiple interesting items that have been done within this year or are ongoing right now. The implementation of counted-by attribute for FAM in GCC15. Extend counted-by attribute to pointers inside structures or pointer arguments of a call. Improvement to GCC diagnostic to provide more hints of compiler code duplication to end user in order to help users to locate the error accurately in their code. The talk concludes with a sketch of future work and further improvement in this area. https://lnkd.in/eUvPdJdD

All #Linux distros package and configure #syslog_ng slightly differently. I'm used to it but while working with Gábor Samu I realized that it can be a real problem. Here is a collection of main differences among openSUSE Project, Fedora Project, #Debian and #FreeBSD:

Fedora Linux 40 Officially Released with Linux Kernel 6.8, Here’s What’s New https://lnkd.in/dcu9S2gu

From my latest blog you can learn about some of the main differences in #packaging and #configuration of syslog-ng in various #Linux distributions and #FreeBSD, and how to recognize these when configuring #syslog_ng on a different platform.

Blog post: How to create a custom Debian virtual machine installation using preseed and virt-install #linux #debian #libvirt #virtualization #automation #encryption #qemu #kvm

Bcachefs is a promising filesystem but has faced some setbacks, at least for the 6.13 kernel release, due to issues involving its lead maintainer... Read the article for more details. https://lnkd.in/gNJ2F9Hv #linuxnews #linuxkernel #linux #bcachefs

Fedora Linux 40 Officially Released with Linux Kernel 6.8, Here's What's New - 9to5Linux

A link I shared a few times at #EuroBSDcon: How you can easily test the very latest #syslog_ng git snapshot on #FreeBSD, including building the syslog-ng release tgz without booting Linux.

How to SSH into Talos Linux https://lnkd.in/dEFZ8-KU