this post was submitted on 09 May 2024
69 points (98.6% liked)
Linux
48328 readers
540 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Unfortunately Linux is affected https://github.com/leviathansecurity/TunnelVision
I read the Arstechnica article too where they say Linux isn't affected then link to the researchers video where they show Linux being affected...
Oh. It doesn't work with WireGuard then. It probably works with garbage. Thank you.
I am afraid you are still a bit misled; WireGuard is exactly what they use for the demo video. In general the underlying protocol does not matter, since the vulnerability is about telling the system to direct the packages to the attacker, completely bypassing the VPN.
That "vulnerability" seems more like a case of "people who use hostile networks have not considered which features that work as designed should be disabled in their use case".
Does it matter?
This is a vulnerability anyway and we should be take care of.
It does matter if people now advocate to routinely disable useful features by default because they are a problem for their particular use case.
what features are you talking about?
The ability to set static routes via DHCP server or for that matter the ability to remote boot systems via DHCP server which has similar problems if you can't trust the DHCP server.
I see what you mean now. I wouldn't advocate for people to disable DHCP features either. It should be the VPN provider's responsibility to provide a proper VPN client that mitigates attacks like these.
Using untrusted networks is quite common, like coffee shop wifi or airport wifi.