The video accurately identifies that AI-driven exploit discovery is outstripping traditional patching, making runtime "kill switches" a necessary evolution for kernel security. It provides a sobering reality check that architectural resilience is more critical than the perceived inherent safety of open-source software.
Linux Is NOT SAFE!
Linux is not safe. What am I talking about? Let's find out. So, if you've been in and around the Linux news and Linux world recently, two of the biggest things that have happened have been security vulnerabilities. Okay? Uh the first one was copy fail and the second one was called dirty frag. And you probably saw Linux videos on this. And in fact on this channel I did uh two posts about the the two different security vulnerabilities so people could be aware of them and so they could effectively patch well it's not really patch but uh resolve the issue temporarily in their system until a distribution um created the fix or whatever. Okay.
And these two here so this first one was copy fail. What it did, it allowed you to gain root access if you were an unprivileged user. Okay. And then the second one was basically the same thing, copy fail. I think there's actually technically two security flaws and again it allowed uh privilege escalation um if you were just a regular user without without it basically. Okay. And um and what was interesting about these these were two um security issues that you had to effectively like I've just said uh fix or resolve yourself until the distribution had the fix. Okay. So historically if you think of like Windows and Mac and of course even Linux a vulnerability comes out but usually at the same time the fix is there or you're made aware of it and you just told to update your system okay and that was been the same for Linux really. So, you know, historically, you would do, I don't know, if you're in like Arch Linux, you do a sudo pacman -Syu, and you just update your system, and the vulnerability would be fixed or or uh you know, whatever your distribution is, you know, DNF if you're on Fedora and apt if you're on Ubuntu. However, what was interesting here in so this is the dirty frag situation. And what you effectively had to do was uh copy code into your terminal and disable actually modules in the Linux kernel that were running that were potentially going to leave you vulnerable and disable them. So you you basically boot up your system every time and certain modules are actually disabled because they're security issues.
Okay, so this isn't like a fix a patch.
No actual code has been fixed here if that makes sense. Okay. So, um you know, a completely different situation to the regular problem of security that we've dealt with in operating systems recently and this happened twice in about a week.
Okay, so this is quite a serious situation. And why has this sort of come about? Well, this has come about because apparently because of AI tooling has allowed um let's say vulnerabilities to be discovered quicker. So you know AI tooling can run relatively fast through a code base and you know given enough you know assuming its training data is good enough it can pattern match basically the issues faster than say a uh security researcher and this is these are being released let's say these vulnerabilities are being released to the public faster than the distributions are either willing to fix them so to speak or they're just being fixed and it includes the Linux kernel because the Linux kernel has release cycles and just seems to be that these are coming out sooner and you're having to manually do it. Now, for most users, this isn't going to be a likely situation, right?
For most users, they won't even either be aware of it unless it's in like some major news or they're not going to even know where to go. They, you know, for them just the thought of like putting something in a terminal is like, you know, scary. I don't know what I'm doing here. maybe it's like a concept they can't even um comprehend. And one of the things I would say about why I've had such an issue with computer user interfaces and computing on the personal desktop and computer side over the last decades is is it basically all this veneer that's pulled over your eyes or the graphical user interfaces make you know the guts of the machine let's say the operating system less accessible.
you know, just doing these things that aren't, you know, too elaborate, which is putting some code in a terminal, becomes scary and, you know, unapproachable for most users in a way that probably wasn't in the 80s, uh, early 80s certainly and maybe the 70s when, you know, personal computing kind of really took off.
So now, what now I've got that out there, what am I really saying then about Linux? And maybe it's not even specific to Linux, to Mac and Windows because unless they have a security issue that's patched um in an update, they're going to be exposed as well.
Now, you can assume that, you know, paid paid software is going to fix it sooner, but who knows? So, what is is, you know, happening with Linux? What are we going to do to fix this? Well, in a way, there's not a lot you can do. And one of the ideas is uh Linux kernel kill switch proposed after recent vulnerability disclosures. Linux kernel developers are reviewing a kill switch proposal that can disable vulnerable functions after a recent CVE disclosure.
So you know a kill switch is effectively doing the same thing as the instructions on the vulnerabilities okay that came out the instructions to resolve the vulnerability is effectively turn off this module except you might get some kind of kernel um you know or you might get some core core utility I don't know you might get some I haven't looked at the code itself but you might be getting some kind of little uh utility within Linux to turn off um these these kind of functionalities because modprobe is actually a tool in Linux where you can turn off uh programs so programs you can turn off bits of the kernel let's say I don't know Bluetooth um other things I actually use it myself and I think I've got it in like um TTYSH what I use my Linux distribution to turn off um certain things like uh I don't know fan controls or whatever anyway irrespective of that this is the idea that they're talking about in the actual Linux kernel mailing list. So this is like you know um upstream of all the distributions. This is like the first sort of situation.
Something happens in the kernel. You load up this module maybe that can turn off other modules in the kernel. So last week two critical Linux kernel vulnerabilities were disclosed prompting significant within the community. In response, developers are now reviewing a proposal for an emergency kill switch mechanism to reduce exposure following public disclosure of serious vulnerabilities. Sasha Levin, an Nvidia engineer and Linux stable kernel co-maintainer submitted the patch allows system administrators to temporarily disable a vulnerable kernel function while awaiting a security update. The concept is simple.
If a dangerous code path is identified, the kernel can be instructed to stop using that function. Instead of executing normally, the function would return an error. While this does not resolve an underlying bug, it can block access to the vulnerable path until a patched kernel is available.
So they're calling it like a function here.
So you have certain things in the Linux kernel that you know do like cryptography and that and I think that was like particularly when it was explained about the copy fail um the what is it the a out path they've got it listed here you know does like certain cryptography and you know you can have like some kind of uh buffer that can be overwritten or something you know if you work in kernel um Linux kernel stuff you probably would understand this of course in in in a more specific way.
So the proposal follows the recent kernel vulnerability disclosures including copy fail and dirty frag. Copy fail is particularly relevant as the patch includes a self test referencing the CVE to demonstrate how kill switch could block the affected AF path. Dirty frag is not used as a direct test case but it was also relevant. Illustrates the broader issue. Serious kernel bugs may become public before fixes are widely available. During this period, administrators may temporary method to reduce risk without waiting for the full update cycle. So, like I said sort of at the top of the video, uh these two vulnerabilities that were relatively seriously now there are arguments that maybe if you're a sort of single-use person on a computer and you know other circumstances not serious but you know containers were vulnerable I believe and you know virtual machines and whatever um and these were starting to be exploited in the public with the copy fail certainly that came out that they were being exploited. So this is a very serious thing for Linux systems across the world. And um here's the interesting thing when they're sort of saying uh administration really this doesn't exist for a normal person. So if you are a user of a computer effectively the system administrators are the distributions or you know say window Microsoft with Windows and Apple with Mac they're the administrators because when you get told to do an update they're doing the administration that's basically what it's coming down to. Um, a normal user is not going to either probably be aware of this if it unless it does make like national news and they're probably going to be intimidating and that could be an excuse to learn, get their hands dirty.
But it certainly, you know, speaks to a whole new world we're living in now where um until kernel it security issues are patched, you know, you're having to basically turn off modules in or whatever stop paths to the Linux kernel because of this sudden security risk in a way that's never really happened before. And does that mean Linux is not really safe anymore? Well, I'd say for some people if this keeps happening, no operating system is safe anymore because if these vulnerabilities are being churned out by AI, you know, at a rate that is faster than, you know, historic models of fixing these issues even for, you know, big teams like Microsoft security and Apple's security for Windows 11 and Mac OS.
You know, this is really quite an extraordinary situation and you know, I just don't think most people are going to either be aware of it or fix it.
So, Levin's patch makes the feature available through the kernel securityfs interface. A privileged administrator can enable kill switch for a specific function causing it to fail immediately.
This change takes effect at runtime and remains active until disabled or the system is rebooted. The proposal targets code paths that most systems do not rely on daily. Levin cites areas such as various areas in the kernel. In some environments, temporarily disabling these features may be less disruptive than running a kernel with a known vulnerability. However, the feature carries clear risks. The patch does not include automatic safety checks to determine if a function can be safely disabled. Disabling the wrong function or returning an incorrect value could disrupt system behavior or cause new issues. Therefore, this is not intended as a general purpose security switch for casual use. And here's the other thing.
You know, a lot of the operating systems have become through, you know, what they're having to do now. So, you know, operating system has all this stuff built on it, right? And you know, if you think of say distributions, you know, particularly heavy distributions, they're probably making lots of system calls and and whatever to maybe utilize, you know, kernel features and whatever. Who knows? I don't really know for sure, but you could imagine particularly um a heavy distribution uh or a particularly uh bloated system maybe makes you know all kinds of um system calls down to the kernel and who knows if this could break uh the system and if you're certainly somebody who you know is just a regular user I mean in theory I'm just a regular user right um I could probably work stuff out and you know do research search, but you know the real regular user who you know uses, I don't know, Ubuntu, maybe Fedora or maybe even CachyOS, you know, they probably never even used a terminal before. This is scary stuff in the first place. How are they going to troubleshoot these issues if they get them and break their system?
It's also important to make it clear that this mechanism is not live patching. It does not replace vulnerable code with a corrected version, but only blocks a selected function from running.
A full kernel update is still required to properly address the vulnerability.
It could simply provide an emergency mitigation tool for the period between public disclosure and full patch deployment. So again, this is the kind of crazy situation we are in now. Um that you know we are not there's no patching going on. know like uh you know you hear the zero day vulnerability install the latest uh Mac OS update or installed the latest Windows 11 update.
No, this is you've got to get down and dirty to you know just to make sure you are not being exploited or your system's not being taken over by hackers or root ex escalation because nobody's coming to help you. Basically this the thing gets released on the internet and it's like a mad panic to fix your machine before you get obliterated right so you know you're not actually fixing anything you it's like a mitigation right you're not actually patching the kernel you know that could be you know weeks away months away you know depending on your distribution depending on what happens in a Linux kernel and so here we go you know this is just like madness as of now the kill switch patch is still under review it's not been accepted into the kernel. Now, this was a couple of days ago. Uh they have got the mailing list. So, um I think I think I did have a quick look at it. It didn't look like it's been accepted yet. I might be wrong, but um yeah. So, uh you know, this is the crazy world we're living in now. You know, using a computer again has become like the old days of, you know, Windows 95, 98 or whatever. you know, like ports, you know, you need a firewall because your ports are all open and get exploited by somebody, you know, um, you know, any bit of software could be full of, you know, malware or worms or viruses or whatever. And now we're living in these crazy days again where, you know, Linux as well used to be known as like, you know, partly because of obscurity, right? because okay, yes, everybody knows that Linux servers run the world, but that wasn't always the case. But also that, you know, maybe Linux isn't always on the mind of hackers. They want to go after personal users. I know that's kind of changed in recent years with companies being um hacked and whatever, but they want to go after personal users. They're easy. They're easy access. And of course, what do personal users even today use? They use Windows, right?
That's basically and I know that you know there's a reasonable number of Mac users but yeah these are like the low-hanging fruit right and uh it seems to be and Linux isn't exclusive in this you know all operating systems seem to be that they're going to be low-hanging fruit possibly for the near future if AI tooling is you know incredibly quick exposing um code vulnerabilities or vulnerabilities in operating systems.
So, um, yeah, not a good future to look forward to at this rate. And if they're making a kill switch, you know, that perhaps this is quite serious. So, um, who knows? Hopefully, we won't have any more huge vulnerabilities this week or the next week. Um, I mean, we had a big scare a couple of years ago with XZ drama, if you remember that. But, um, who knows? Who knows what how it's going to go, but I just thought I'd highlight that. And, uh, yeah, I'll I'll leave it there.
So, you know what to do. the fake YouTube. Like, comment, subscribe, and I want to give special thanks to the patrons of the channel. That's Sean and Soul. Thank you guys very much supporting the channel through Patreon.
If you want to become a Patreon, look in the description. All the information is there. And uh yeah, so I'll see you in the next one.