Don't worry about those 40 Linux USB security holes. That's not a typo

The Linux kernel USB subsystem has more holes than a donut shop. On Monday, Google security researcher Andrey Konovalov disclosed 14 Linux USB flaws found using syzkaller, a kernel fuzzing tool developed by another Google software engineer, Dmitry Vyukov. That's just the tip of the iceberg. In an email to The Register, …


  1. Anonymous Coward

    Wasn't that the primadonna maintainer project

    Hmm... Wasn't that the primadonna maintainer which could not stand Linus blowouts? That figures.

    1. Donkey Molestor X

      Re: Wasn't that the primadonna maintainer project

      > Hmm... Wasn't that the primadonna maintainer which could not stand Linus blowouts? That figures.

      Given Linus's track record, the maintainer was probably punished for pointing out and trying to fix security holes. Linus is famous for his disrespect of security researchers, considering them no better than "masturbating monkeys" - his words not mine.

      He also thinks that people who displease him should have the brake lines on their cars cut. He's pretty sick like that.

      Linus's apathetic attitude to security concerns is a tax that every computer user gets to pay - every time another Linux-enabled piece of IoT crapware DDoSes the 'net to oblivion.

      1. Anonymous Coward

        Re: Wasn't that the primadonna maintainer project

        Now tell me how you *really* feel :).

        It's not good news, that's for sure. It will be interesting to see how long it takes for this to be cleaned up. The sheer volume points towards a rewrite rather than a load of patches..

        1. Daggerchild Silver badge

          Re: Wasn't that the primadonna maintainer project

          "It will be interesting to see how long it takes for this to be cleaned up"

          USB has long been one of those things where switching it off in its entirety is good if you can do it.

          There are many, many sub-drivers for different esoteric bits of little used USB kit in the kernel tree, that any USB device could bait into life then perhaps blindside. I like to prune the kernel build around here.

          However, I don't think any of the other major OS's want to throw stones round here either. Does MS sandbox its squillion USB device drivers? Doesn't Apple's connector allow the device to DMA arbitrary RAM?

      2. WolfFan Silver badge

        Re: Wasn't that the primadonna maintainer project

        Interesting. Mass quantities of downvotes... and he's perfectly right. Linus does have an odd attitude towards security. He did call security researchers 'masturbating monkeys'. https://www.cio.com/article/2434264/open-source-tools/torvalds-calls-openbsd-group--masturbating-monkeys-.html

        And he did advocate cutting the brake lines of those who annoy him. https://www.theregister.co.uk/2013/09/11/torvalds_suggests_poison_and_sabotage_for_arm_soc_designers/

        Ah, well, let's see how many downvotes this gets...

        1. fandom Silver badge

          Re: Wasn't that the primadonna maintainer project

          "He did call security researchers 'masturbating monkeys'."

          And then you add a link in which he doesn't call security researchers 'masturbating monkeys'.

          Actually, the link itself shows who he is calling that but, of course, reading that much is too much effort.

      3. Sitaram Chamarty
        FAIL

        Re: Wasn't that the primadonna maintainer project

        The "IoT crapware DDoSes" (if you're talking about Mirai) were due to default passwords. Not much Linus can do about that -- it's on the vendor and/or the customer.

      4. HieronymusBloggs Silver badge

        Re: Wasn't that the primadonna maintainer project

        "He also thinks that people who displease him should have the brake lines on their cars cut. He's pretty sick like that."

        You have an interesting combination of hobbies: molesting donkeys and collecting El Reg downvotes.

      5. Lars Silver badge
        Linux

        Re: Wasn't that the primadonna maintainer project

        You do know that "Linus is famous for his disrespect of security researchers (all of them?)", if it was true, which it's not, does not mean "Linus's apathetic attitude to security concerns". That you did invent yourself, and is a dumb thing to write.

        As far as I can remember he has suggested the real experts, the "mean hackers", should become good citizens, from black to white, sort of, as they are the real experts as they tend to be a step ahead.

        1. patrickstar

          Re: Wasn't that the primadonna maintainer project

          Linus has stated in public that he does not consider security vulnerabilities any different from other bugs. That's a pretty apathetic attitude to security concerns in my book...

          And he has basically told real experts trying to improve the security of the Linux kernel to go fuck themselves (probably not literally - I'd expect him to use much more creative insults than that). See refusal to interact with the Grsecurity guys in any meaningful way, for example, and the half-assed Kernel Self Protection Project that followed public pressure to improve the situation (which, by the way, is most certainly not composed of 'real [security] experts')

          Plus, black hat kernel security wizards are paid handsomely for their efforts at doing black hat kernel security stuff nowadays. You can't just ask them nicely to start doing work for free instead and expect anything but a chorus of laughs.

          1. Daggerchild Silver badge

            Re: Wasn't that the primadonna maintainer project

            "Linus has stated in public that he does not consider security vulnerabilities any different from other bugs. That's a pretty apathetic attitude..."

            Your statement is insecure due to it having a vulnerable logical assumption in it.

            Feature request: Post icon of Baldrick holding an iron.

          2. oldcoder

            Re: Wasn't that the primadonna maintainer project

            Well, Grsecurity really isn't. Protecting path names isn't very secure.

          3. John Brown (no body) Silver badge

            Re: Wasn't that the primadonna maintainer project

            "Linus has stated in public that he does not consider security vulnerabilities any different from other bugs. That's a pretty apathetic attitude to security concerns in my book..."

            Only if you assume that all bugs are treated apathetically.

            Maybe he was just saying that, by definition, a security vuln is a bug, ie something is not behaving as expected and since bugs are usually treated with varying degrees of urgency, it kinda makes your claim look a bit silly.

    2. Anonymous Coward

      Re: Wasn't that the primadonna maintainer project

      Thank God they use something more secure like Windows XP on ATMs....

  2. frank ly Silver badge

    Tell me now

    "... WebUSB API can be used by a web page to interact with a USB device (or USB device driver) from user space ..."

    How can I block it?!

    1. Anonymous Coward

      Re: Tell me now

      Upgrade to Windows.

      1. borkbork

        Re: Tell me now

        So, cut off your nose to spite your face?

        1. Anonymous Coward

          Re: Tell me now

          So, cut off your nose to spite your face?

          Next time, pay attention to the whooshing sound as it goes over your head :)

          1. Lars Silver badge
            Flame

            Re: Tell me now

            Dear Brits, next time, before you write "cut off your nose to spite your face", please do it, try it out first. There are dumb sentences in every language, one has to assume, but this takes the top one I can think of in English. Perhaps you could provide better to prove I don't know the language that well, which of course is a fact.

            Somehow I have this feeling it has suddenly again appeared due to the Brexit rhetoric. The worst sentence, in any language, I can think of is "self hating Jew" and how it is used. And no I am not. Any better contenders and yes "The Mood" is like this.

      2. Michael Habel Silver badge

        Re: Tell me now

        That's a strange use of the word "Upgrade", that I was previously unaware of...

      3. Archtech Silver badge

        Re: Tell me now

        Er, at least we know about the bugs in Linux.

    2. Doctor Syntax Silver badge

      Re: Tell me now

      "How can I block it?"

      Epoxy resin in the USB port. Always the best thing to do unless where there's no valid reason for a USB connection and less trouble than unsoldering the connector from the board.

      Well, you did ask.

      1. Tim Bates

        Re: Tell me now

        A fair number of BIOSes/UEFIs allow you to disable USB. Some allow it right down to per-port configs.

  3. kryptylomese

    Physical access means you own the system

    Did I mention that physical access to system means an attacker owns it?

    1. Anonymous Coward

      Re: Physical access means you own the system

      "Did I mention that physical access to system means an attacker owns it?"

      Unless of course it runs say Secure Boot with Bitlocker.

      1. Roo
        Windows

        Re: Physical access means you own the system

        "Unless of course it runs say Secure Boot with Bitlocker."

        Plenty of locally exploitable priv escalation vulns once the box is up though. ;)

        1. Anonymous Coward

          Re: Physical access means you own the system

          "Plenty of locally exploitable priv escalation vulns once the box is up though. ;)"

          And how would you use those without a valid login?!

          1. Kiwi
            Trollface

            Re: Physical access means you own the system

            And how would you use those without a valid login?!

            Click "CANCEL" on the login prompt? Or have they fixed that little blunder"feature"?

          2. oldcoder

            Re: Physical access means you own the system

            Same way all the viruses and ransomware malware do.

            Just ask for one. Windows will obligingly give you one.

      2. Dan 55 Silver badge

        Re: Physical access means you own the system

        The secure boot "golden key" was found a year ago as reported by this very esteemed organ.

        1. Anonymous Coward

          Re: Physical access means you own the system

          "The secure boot "golden key" was found a year ago as reported by this very esteemed organ."

          You might want to read what you linked to "These skeleton keys can be used to install non-Redmond operating systems on locked-down computers.". They don't compromise an installed / encrypted OS...

        2. AdamWill

          Re: Physical access means you own the system

          "The secure boot "golden key" was found a year ago as reported by this very esteemed organ."

          That's not...actually what that was at all.

          https://mjg59.dreamwidth.org/44223.html

      3. Anonymous Coward

        Re: Physical access means you own the system

        > Unless of course it runs say Secure Boot with Bitlocker.

        Well except if the PC boots, automatically bitlocker is already decrypting stuff so the PC is still susceptible to plug in device attacks. I've just "updated" a W10 box from a vendor's encryption system to bitlocker and was horrified to see that it just boots before taking me through the security checks before being able to access the disk.

        Let's face it, Windows doesn't have a great track record when it comes to security.

        1. Anonymous Coward

          Re: Physical access means you own the system

          Lets face it, Windows doesn't have a great track record when it comes to security.

          FIFY..

        2. Anonymous Coward

          Re: Physical access means you own the system

          "so the PC is still susceptible to plug in device attacks."

          Of which there are none unpatched that I am aware of. And of which those that I am previously aware of all required a valid local login first...

          "Lets face it, Windows doesn't have a great track record when it comes to security."

          Neither does Linux...

          1. Anonymous Coward

            Re: Physical access means you own the system

            "so the PC is still susceptible to plug in device attacks."

            Of which there are none unpatched that I am aware of. And of which those that I am previously aware of all required a valid local login first...

            Any plugin device with DMA.

      4. Maventi

        Re: Physical access means you own the system

        > Unless of course it runs say Secure Boot with Bitlocker.

        Hopefully then it doesn't use a key generated by an Infineon TPM, or use an Intel CPU manufactured after 2008.

  4. Anonymous Coward

    Google security researcher Andrey Konovalov disclosed 14 Linux USB flaws

    Simples.

    You know you were thinking it.

    1. soulrideruk Bronze badge

      Re: Google security researcher Andrey Konovalov disclosed 14 Linux USB flaws

      That they found the holes in Android, and to their delight, were able to port the blame back to Linux?

      You wouldn't possibly be insinuating anything due to the name of the researcher of course...

      1. sabroni Silver badge

        Re: and to their delight, were able to port the blame back to Linux?

        Aww, did the mean researchers spot (a ridiculous number of) flaws in your beloved OS?

    2. Lyle Dietz

      Re: Google security researcher Andrey Konovalov disclosed 14 Linux USB flaws

      I wasn't until you posted that, and now I hate you.

      Take your upvote and get out :P

  5. Ilsa Loving

    Who cares about the USB issues...

    How do you make those adorable penguin appetizers? I'm guessing carrots and olives... and... cream cheese?

    1. Palpy
      Linux

      Re: Who cares about the USB issues...Appetizers!

      Probably some Mint in there. I don't much fancy carrots and olives... maybe a cheese-beak? Mmmm, penguins.

      I seem to recall that the Scott expedition (I think) did not fancy the real article so very much. Oily and fishy.

      1. Lars Silver badge
        Linux

        Re: Who cares about the USB issues...Appetizers!

        "I seem to recall that the Scott expedition (I think) did not fancy the real article so very much. Oily and fishy.".

        They might have stayed alive if they had had some oily to burn and some fishy to eat. I am not, however, sure there were any penguins in that hopeless effort. The sorry British effort to downplay Roald Amundsen was to point out that they shared a few dogs, between them and the dogs, as they had planned. (it's still around).

        Poor Scott and his men had neither penguins nor dogs, just morphine for those dreadful last hours, and his dog rescue team did not reach them in time.

        See what you did here Palpy, penguins means Linux not polar expeditions (or dogs).

        PS. if you find a USB stick on the grass, preferably under some leaf, and you cannot, as we all know, stop yourself from finding out, if perhaps, it contains something of great importance to somebody, but certainly not meant for you.

        Then do like I always do, there back in that corner lies an old laptop with Linux but no internet and apart from that there lies a stick with a Linux iso on it. Into such a laptop you stick that USB you just found and then you get disappointed and format the damned thing or then you just dump it for the next person to find out, according to the mood you are in. And then you boot that old laptop with the Linux iso USB in it and it's all fine again whatever was on that USB, I think.

    2. Fruit and Nutcase Silver badge
      Pint

      Re: Who cares about the USB issues...

      @Ilsa Loving

      ...penguin appetizers?

      I counted 41 of the little blighters. Looks like there is one more CVE not accounted for!

      (Magnified the image and counted the sticks. Anyone care to confirm?)

  6. SL1979

    Meanwhile...

    The rest of us are absolutely *SHOCKED* that you can actually compromise a machine if you have physical access... Who could have predicted that? </sarcasm>

    1. Steve Davies 3 Silver badge

      Re: Who could have predicted that?

      What about...

      Putting the system in a locked basement only accessible on a Sunday night that has a full moon and with a sign on the door saying, 'Beware of the Leopard'.

      1. Michael Habel Silver badge

        Re: Who could have predicted that?

        Sounds like the ideal place to store some planned Council Plans, regarding a purposed bypass.

      2. Anonymous Coward

        Re: Who could have predicted that?

        That would be 'beware of the High Sierra' now, which doesn't work so well.

        (Both the remark and High Sierra, come to think of it...)

        1. Anonymous Coward

          Re: Who could have predicted that?

          That would be 'beware of the High Sierra' now, which doesn't work so well.

          Oh? Just installed it after it had its first update (10.13.1) and apart from an unwillingness to auto-mount external drives if they are encrypted (hand-mount through Disk Util or command line) it appears to work reasonably well.

          That said, WTF did they do in APFS that makes filesystem checks take THAT long?!? I checked a 500GB SSD in repair mode to see what it would do, and that clocked in at 10 full minutes (twice, because I thought I'd made a mistake and fired it up again before I got myself a coffee and watched it). Ugh.


Biting the hand that feeds IT © 1998–2019