s4story -- We hear about computer software security problems more often than ever now and with kernel attacks on Linux, it seems they get more dangerous each time. Recently a nasty Linux bug named Dirty Frag was found and our team was able to show how 25 years of development and stable releases is safer than most of the latest new kid on the block software. Building the software the harder, right way the first time with good engineering helps prevent headaches.
For the technical reader these notes will explain how a team digs in.
This class of bug is related to the low level "struct sk_buff" buffer management data structures

More on S For Story

• New Kickstarter Launches for Ocean Eco-Thriller Blue Planet – Red Tide
• George Martinez Completes Community Re-distribution Initiative, Returning $5,000 In Campaign Resources To Anchorage Nonprofits
• Mister Omaha Tries The Turf At Lone Star Park
• Andrew D. Levine Releases The Lily Network, an Indian Noir Mystery of Power, Paperwork & Murder
• The Mapping Software Behind America's Viral Maps Just Got Faster and Smarter

The OpenAFS kernel module as designed does not have access to that layer of buffer management, rather it uses the regular socket APIs for network traffic.
We also had to consider what happens when people start implementing the several recommended remediation fixes to mitigate the problem in other software.
The recommended mitigation steps involve disabling the `esp4`, `esp6`, and
`rxrpc` kernel modules. These actions will not negatively impact the
functionality of the OpenAFS kernel module.
The bugs disclosed today look to be more of the same issues as the
recent "Copy Fail" issues, which also affected the kernel socket buffer
management.
You keep your team working and we will keep minding the store for you.
https://www.sinenomine.net