OpenSource.com: Troubleshooting hardware problems in Linux

[…]The following tips should make it quicker and easier to troubleshoot hardware in Linux. Many different things can cause problems with Linux hardware; before you start trying to diagnose them, it’s smart to learn about the most common issues and where you’re most likely to find them.[…]

https://opensource.com/article/18/12/troubleshooting-hardware-problems-linux

build-anywhere: Create highly portable ELF binaries using the build-anywhere toolchain

This post describes the basic requirements for compiling highly portable ELF binaries. Essentially using a newer Linux distro like Ubuntu 18.10 to build complex projects that run on older distros like CentOS 6. The details are limited to C/C++ projects and to x86_64 architectures. The low-level solution is to use a C++ runtime that requires only glibc 2.13+ runtime linkage and link all third-party libraries as well as the compiler runtime and C++ implementation statically. Do not make a “fully static” binary. You will most likely find a glibc newer than 2.13 on every Linux distribution released since 2011. The high-level solution is to use the build-anywhere scripts to build an easy-to-use toolchain and set compiler flags.[…]

https://github.com/theopolis/build-anywhere

https://casualhacking.io/blog/2018/12/25/create-highly-portable-elf-binaries-using-the-build-anywhere-toolchain

GPU-pass-through-compatibility-check: Automatically set up a Linux system for PCI pass-through and check if it is compatible

This project consists of 3 parts.
1) A script (gpu-pt-check.sh) that automatically checks to what extent a computer is compatible with GPU pass-through in its given configuration.
2) A script (setup.sh) that automatically installs and configures your system for GPU pass-through (Only tested on fresh installs of Fedora 28 x64 with Gnome, booted in UEFI mode!)
3) Instructions on how to create a bootable Linux USB stick that automatically runs the gpu-pt-check.sh script when you boot from it without any user interaction required.

https://github.com/T-vK/GPU-pass-through-compatibility-check

ALT Linux adds packages for UEFI keys and certs

https://github.com/alt-packages/alt-uefi-keys
https://github.com/alt-packages/alt-uefi-certs
https://en.altlinux.org/Main_Page
https://www.altlinux.org/UEFI

This package contains ALT Linux UEFI SB CA certificate corresponding to the private key that is now used to sign ALT Linux UEFI bootloaders to cope with UEFI SecureBoot regime (aka “Restricted Boot”). This can be enrolled by the user so that ALT shim and subsequent bootloaders are accepted by firmware without Microsoft’s certificates.

PS: ALT Linux Rescue includes an EFI System Partition (ESP) with a few tools, and a boot option to go into UEFI or Linux.

https://en.altlinux.org/Rescue

LinuxFlaw: collection of hundreds of Linux vulnerabilities

https://github.com/VulnReproduction/LinuxFlaw

https://www.usenix.org/conference/usenixsecurity18/presentation/mu

As the above Twitter thread shows, see also:

https://syzkaller.appspot.com/?fixed=upstream

https://syzkaller.appspot.com/

CVE-2017-1000112: Linux Kernel Runtime Guard (LKRG) bypass

https://www.openwall.com/lists/lkrg-users/2018/11/16/2

This is a proof-of-concept local root exploit for the vulnerability in the UFO Linux kernel implementation CVE-2017-1000112.

https://www.openwall.com/lists/oss-security/2017/08/13/1

https://github.com/milabs/kernel-exploits/tree/master/CVE-2017-1000112

Defensive Security: Playing with Linux Kernel Runtime Guard (LKRG)

https://www.defensive-security.com/blog/playing-with-linux-kernel-runtime-guard-lkrg

An introduction to Udev: The Linux subsystem for managing device events

Create a script that triggers your computer to do a specific action when a specific device is plugged in.
13 Nov 2018
Seth Kenlon (Red Hat)

Udev is the Linux subsystem that supplies your computer with device events. In plain English, that means it’s the code that detects when you have things plugged into your computer, like a network card, external hard drives (including USB thumb drives), mouses, keyboards, joysticks and gamepads, DVD-ROM drives, and so on. That makes it a potentially useful utility, and it’s well-enough exposed that a standard user can manually script it to do things like performing certain tasks when a certain hard drive is plugged in. This article teaches you how to create a udev script triggered by some udev event, such as plugging in a specific thumb drive. Once you understand the process for working with udev, you can use it to do all manner of things, like loading a specific driver when a gamepad is attached, or performing an automatic backup when you attach your backup drive.[…]

https://opensource.com/article/18/11/udev?sc_cid=70160000001273HAAQ

VirtualBox E1000 Guest-to-Host Escape zero day

https://github.com/MorteNoir1/virtualbox_e1000_0day

Linux Unattended Installation – Tools to create an unattended installation of a minimal setup of Linux

This project provides all you need to create an unattended installation of a minimal setup of Linux, whereas minimal translates to the most lightweight setup – including an OpenSSH service and Python – which you can derive from the standard installer of a Linux distribution. The idea is, you will do all further deployment of your configurations and services with the help of Ansible or similar tools once you completed the minimal setup. Use the build-iso.sh script to create an ISO file based on the netsetup image of Ubuntu. Use the build-disk.sh script to create a cloneable preinstalled disk image based on the output of build-iso.sh. […]UEFI and BIOS mode supported.[…]

https://github.com/core-process/linux-unattended-installation

Linux Security Summit Europe 2018 videos uploaded

Linux Security Summit Europe 2018 videos have been uploaded to YouTube:

https://events.linuxfoundation.org/events/linux-security-summit-europe-2018/

And slides are here:

https://events.linuxfoundation.org/events/linux-security-summit-europe-2018/program/slides/

Ubuntu bug 1798863, CVE-2018-18653, UEFI Secure Boot vuln

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.[…]

Source: MITRE
Description Last Modified: 10/25/2018

https://nvd.nist.gov/vuln/detail/CVE-2018-18653

[…]This flaw is introduced by certain configuration options in combination with this out-of-tree patch from the Lockdown patchset[…]

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863/comments/23

https://vuldb.com/?id.125976
Current Exploit Price (≈) $5k-$25k