Linux Kernel memory use risk – CVE-2014-5332

Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 alllows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox.

Weakness classification

  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Timeline

August 18, 2014 MITRE reserved CVE
February 6, 2015 NVD published advisory

Affected products

  • Linux Kernel 3.10

Authority references

Vendor & other references

 

How to Optimize MySQL

CentOS
There is a default my.cnf that comes with mysql (4+5) that will make mysql run a bit quicker if you have 2+ gig of ram cp -f /usr/share/mysql/my-large.cnf /etc/my.cnfThere is also my-huge.cnf, or my-medium.cnf depending on your hardware setup.   Check the contents of these my*.cnf files for the one that’s right for you.

*NOTE* the log-bin option is enabled  by default.  This will quickly use a lot of disk space.  It’s recommended to comment out the log-bin line from your /etc/my.cnf, if it exists.

 

Remember to restart mysql when you are done with your my.cnf tweaking:

Redhat:/sbin/service mysqld restart

FreeBSD:/usr/local/etc/rc.d/mysqld restart

Linux is just the kernel, GNU is the OS.

This is an interesting read and some old history copied from http://www.gnu.org/gnu/linux-and-gnu.html

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.

Many users do not understand the difference between the kernel, which is Linux, and the whole system, which they also call “Linux”. The ambiguous use of the name doesn’t help people understand. These users often think that Linus Torvalds developed the whole operating system in 1991, with a bit of help.

Programmers generally know that Linux is a kernel. But since they have generally heard the whole system called “Linux” as well, they often envisage a history that would justify naming the whole system after the kernel. For example, many believe that once Linus Torvalds finished writing Linux, the kernel, its users looked around for other free software to go with it, and found that (for no particular reason) most everything necessary to make a Unix-like system was already available.

What they found was no accident—it was the not-quite-complete GNU system. The available free software added up to a complete system because the GNU Project had been working since 1984 to make one. In the The GNU Manifesto we set forth the goal of developing a free Unix-like system, called GNU. The Initial Announcement of the GNU Project also outlines some of the original plans for the GNU system. By the time Linux was started, GNU was almost finished.

Most free software projects have the goal of developing a particular program for a particular job. For example, Linus Torvalds set out to write a Unix-like kernel (Linux); Donald Knuth set out to write a text formatter (TeX); Bob Scheifler set out to develop a window system (the X Window System). It’s natural to measure the contribution of this kind of project by specific programs that came from the project.

If we tried to measure the GNU Project’s contribution in this way, what would we conclude? One CD-ROM vendor found that in their “Linux distribution”, GNU software was the largest single contingent, around 28% of the total source code, and this included some of the essential major components without which there could be no system. Linux itself was about 3%. (The proportions in 2008 are similar: in the “main” repository of gNewSense, Linux is 1.5% and GNU packages are 15%.) So if you were going to pick a name for the system based on who wrote the programs in the system, the most appropriate single choice would be “GNU”.

But that is not the deepest way to consider the question. The GNU Project was not, is not, a project to develop specific software packages. It was not a project to develop a C compiler, although we did that. It was not a project to develop a text editor, although we developed one. The GNU Project set out to develop a complete free Unix-like system: GNU.

Many people have made major contributions to the free software in the system, and they all deserve credit for their software. But the reason it is an integrated system—and not just a collection of useful programs—is because the GNU Project set out to make it one. We made a list of the programs needed to make a complete free system, and we systematically found, wrote, or found people to write everything on the list. We wrote essential but unexciting (1) components because you can’t have a system without them. Some of our system components, the programming tools, became popular on their own among programmers, but we wrote many components that are not tools (2). We even developed a chess game, GNU Chess, because a complete system needs games too.

By the early 90s we had put together the whole system aside from the kernel. We had also started a kernel, the GNU Hurd, which runs on top of Mach. Developing this kernel has been a lot harder than we expected; the GNU Hurd started working reliably in 2001, but it is a long way from being ready for people to use in general.

Fortunately, we didn’t have to wait for the Hurd, because of Linux. Once Torvalds freed Linux in 1992, it fit into the last major gap in the GNU system. People could thencombine Linux with the GNU system to make a complete free system — a version of the GNU system which also contained Linux. The GNU/Linux system, in other words.

Making them work well together was not a trivial job. Some GNU components(3) needed substantial change to work with Linux. Integrating a complete system as a distribution that would work “out of the box” was a big job, too. It required addressing the issue of how to install and boot the system—a problem we had not tackled, because we hadn’t yet reached that point. Thus, the people who developed the various system distributions did a lot of essential work. But it was work that, in the nature of things, was surely going to be done by someone.

The GNU Project supports GNU/Linux systems as well as the GNU system. The FSF funded the rewriting of the Linux-related extensions to the GNU C library, so that now they are well integrated, and the newest GNU/Linux systems use the current library release with no changes. The FSF also funded an early stage of the development of Debian GNU/Linux.

Today there are many different variants of the GNU/Linux system (often called “distros”). Most of them include non-free software—their developers follow the philosophy associated with Linux rather than that of GNU. But there are also completely free GNU/Linux distros. The FSF supports computer facilities for two of these distributions, Ututoand gNewSense.

Making a free GNU/Linux distribution is not just a matter of eliminating various non-free programs. Nowadays, the usual version of Linux contains non-free programs too. These programs are intended to be loaded into I/O devices when the system starts, and they are included, as long series of numbers, in the “source code” of Linux. Thus, maintaining free GNU/Linux distributions now entails maintaining a free version of Linux too.

Whether you use GNU/Linux or not, please don’t confuse the public by using the name “Linux” ambiguously. Linux is the kernel, one of the essential major components of the system. The system as a whole is basically the GNU system, with Linux added. When you’re talking about this combination, please call it “GNU/Linux”.

If you want to make a link on “GNU/Linux” for further reference, this page and http://www.gnu.org/gnu/the-gnu-project.html are good choices. If you mention Linux, the kernel, and want to add a link for further reference, http://foldoc.org/linux is a good URL to use.

Addendum: Aside from GNU, one other project has independently produced a free Unix-like operating system. This system is known as BSD, and it was developed at UC Berkeley. It was non-free in the 80s, but became free in the early 90s. A free operating system that exists today(4) is almost certainly either a variant of the GNU system, or a kind of BSD system.

People sometimes ask whether BSD too is a version of GNU, like GNU/Linux. The BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them, but the code had little overlap with GNU. BSD systems today use some GNU programs, just as the GNU system and its variants use some BSD programs; however, taken as wholes, they are two different systems that evolved separately. The BSD developers did not write a kernel and add it to the GNU system, and a name like GNU/BSD would not fit the situation.(5)

Notes:

  1. These unexciting but essential components include the GNU assembler, GAS and the linker, GLD, both are now part of the GNU Binutils package, GNU tar, and more.
  2. For instance, The Bourne Again SHell (BASH), the PostScript interpreter Ghostscript, and the GNU C library are not programming tools. Neither are GNUCash, GNOME, and GNU Chess.
  3. For instance, the GNU C library.
  4. Since that was written, a nearly-all-free Windows-like system has been developed, but technically it is not at all like GNU or Unix, so it doesn’t really affect this issue. Most of the kernel of Solaris has been made free, but if you wanted to make a free system out of that, aside from replacing the missing parts of the kernel, you would also need to put it into GNU or BSD.
  5. On the other hand, in the years since this article was written, the GNU C Library has been ported to several versions of the BSD kernel, which made it straightforward to combine the GNU system with that kernel. Just as with GNU/Linux, these are indeed variants of GNU, and are therefore called, for instance, GNU/kFreeBSD and GNU/kNetBSD depending on the kernel of the system. Ordinary users on typical desktops can hardly distinguish between GNU/Linux and GNU/*BSD.

How to use SSH

 

To use ssh, you’ll need an ssh client for your local computer.  We recommend PuTTY

Once you’ve installed your ssh client, load it up and you should be given a space to enter some information.  You’ll want to select “SSH” on port 22.  You can past in the name of your server “domain.com” or the ip “1.2.3.4” in the the space that says “Host Name (or IP Address)”.  Click Open.

If you’ve entered all info correctly, you should be prompted with a large black screen asking for your login information.  If you are doing system tasks, you’ll probably need root access.  If you have root access, enter “root” and press enter.. sometimes it can take several seconds before you see any change.   Enter the root password (and press enter), and if everything works, you should see a command prompt, ex:[[email protected]]#

You are now on the server. This is your starting point.

From here you can do anything, including destroy your server, so you must be very careful with the commands you enter.

Some basic commands include:

List: ls[[email protected]]# ls
file1.txt   file2.txt   file3.txt

Change Directories: cd[[email protected]]# cd /home/admin

Remove a file: rm[[email protected]]# rm file1.txt
rm: remove `file1.txt’ ? y

Once you’ve finished working, you can type[[email protected]]# exit

and the ssh window should be closed.