Linux on Windows Exposes a New Attack Surface

An anonymous Slashdot reader writes: The Linux in Windows 10 isn't running inside of a hypervisor; it's "running on the raw hardware, getting all the benefits of performance and system access, as well as expanding the potential attack surface." eWeek reports on a new threat discovered by Alex Ionescu, the chief architect at cybersecurity company Crowdstrike, which begins with the fact that "The Windows file system is also mapped to Linux, such that Linux will get access to the same files and directories."

Ionescu says "There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows." According to eWeek, "The modified Linux code in turn could then call Windows APIs and get access to system calls to perform malicious actions that might not be mitigated." Ionescu describes it as "a two-headed beast that can do a little Linux and can also be used to attack the Windows side of the system."

Big, fat, NO FREAKIN' DUH!

[Dog-Cow]

If the Linux personality has the same level of access to the kernel as the Windows personality, then this is a natural consequence. It's the same as if MS added a dozen new win32/64 APIs that could be exploited by apps with appropriate privileges. New code, new bugs. Total non-story.

Re:Big, fat, NO FREAKIN' DUH!

[redmid17]

I'm glad you beat me to typing "NO SHIT".

Next story we're gonna get is, "If you install a database or 3rd party program, the attack vector gets larger!"

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

It's not even that. You are NOT running linux under windows. There is no such thing. Even Canonical admits that. It's just parts of the Ubuntu user space. No linux kernel. No vm. No container. Nada. Think of wine in reverse.

Linus (or rather, the linux foundation) should sue for slander for anyone calling it "linux under windows."

Re:Big, fat, NO FREAKIN' DUH!

[retchdog]

I'd just like to interject for moment. What you're referring to as Linux, is in fact, GNU/Windows, or as I've recently taken to calling it, GNU plus Windows. Linux is not an operating system unto itself, but rather another possible alternative for a fully functioning system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as (sort of) defined by POSIX. This so-called Linux distribution is really a distribution of GNU/Windows!

Re:Big, fat, NO FREAKIN' DUH!

Anyone who wants to learn more about this can read up on the Windows Subsystem for Linux. Quoting from the linked overview:

WSL executes unmodified Linux ELF64 binaries by virtualizing a Linux kernel interface on top of the Windows NT kernel. [...] The Windows Subsystem for Linux includes kernel mode drivers (lxss.sys and lxcore.sys) that are responsible for handling Linux system call requests in coordination with the Windows NT kernel. The drivers do not contain code from the Linux kernel but are instead a clean room implementation of Linux-compatible kernel interfaces.

-PCP

Re:Big, fat, NO FREAKIN' DUH!

[Blaskowicz]

Non-story?
It somewhat endangers straight-up Linux users. Exploitation of software flaws in Ubuntu LTS will be more sought after by hackers and criminals, as that allows to reach a population of Windows "power users" who might or might not be careless (gamers who started with Windows 95 or XP and think they have computer skills because they buy expensive hardware and plug it together. But well, no reason more knowledgeable users can't get owned)

Re:Big, fat, NO FREAKIN' DUH!

No systemd?

Break out my dancing shoes!!! All my daemons and programs just got more stable!!! No random "UserKillProcess", "symlinks for /etc/resolv.conf", and "hide the attached USB drive", and "steal flags from the kernel API to use for own mislabeled nonsense and *break booting*"!!! Woo-hoo, my happy feet are, indeed happy!!!

Re: Big, fat, NO FREAKIN' DUH!

It's not fucking Linux unless it runs the Linux kernel.

Re:Big, fat, NO FREAKIN' DUH!

[gweihir]

Indeed. And what is even more, having Linux user-space components running on top of a translation layer is not new either. Cygwin has been doing it for ages.

Re:Big, fat, NO FREAKIN' DUH!

Seems excessive to call it GNU/Windows since GNU isn't a vital or major part of the system but rather just a package of tools added upon it.
It's not like one would ever call it Adobe Creative Suite/Windows.
The whole GNU/Linux expression is just to stroke Stallmans ego.

Just call it GNU toolkit for Windows or Ubuntu toolkit for Windows, there is no need to indicate that it is somehow an integral part of the operating system since it is not.

Re:Big, fat, NO FREAKIN' DUH!

[Opportunist]

ANY program you install that even remotely thinks about accepting input in any way is a potential attack vector. Why do you think anyone who has even a passing interest in his computer's security is up in arms about all the "free" crapware programs delivered with a new laptop?

Re:Big, fat, NO FREAKIN' DUH!

[Opportunist]

You traded systemd for Windows. Are you still dancing? Or is that just you trying to get your feet away from the hot red coals?

Re:Big, fat, NO FREAKIN' DUH!

Ummm no, this is explicitly /not/ what Cygwin does. Cygwin provides a Unix-style /API/, not a Linux /ABI/. You can't run an unmodified Linux binary under Cygwin, you get to recompile your source.

Re:Big, fat, NO FREAKIN' DUH!

[NotAPK]

"GNU rootkit for Windows"

Has a nice ring to it.

Re:Big, fat, NO FREAKIN' DUH!

[Dr.Dubious+DDQ]

The kernel is actually "NT", I believe.

Therefore, it really ought to be "GNU/NT" (pronounced "guh-nunt", because that amuses me for some reason.)

Re: Big, fat, NO FREAKIN' DUH!

[Vitus+Wagner]

It is really a GNU subsystem for Windows.

Re: Big, fat, NO FREAKIN' DUH!

it's really just another attempt by microsoft to sour the reputation of linux.

Re:Big, fat, NO FREAKIN' DUH!

[unixisc]

But if it has things like hardware access, ain't that like how FreeBSD supports Linux jails? Allow them direct hardware access, while doing API level translation of Linux to BSD system calls? How exactly is this different, or worse? And does Microsoft translate Linux API to win64, or just let it run raw on the hardware?

Re:Big, fat, NO FREAKIN' DUH!

Actually, the attack surface has always been there. No new APIs needed. A library added to translate those APIs into what LOOKS like Linux system calls.

Re:Big, fat, NO FREAKIN' DUH!

[bev_tech_rob]

"GNU rootkit for Windows"

Has a nice ring to it.

No kidding! LOL. Anyhow, the Linux subsystem is not enabled by default (at least mine wasn't) after the Anniversary Update and you have to jump through a couple of hoops to get it going. Hopefully will be a non-issue and whomever DOES enable that will take the appropriate precautions.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

Only freetards insist on calling it GNU/anything. Bet you won't be calling it Oracle/Gnu/Linux if it has mysql or openoffice or Java installed. Same as you won't call it Adobe/windows if it has photoshop installed.

Re:Big, fat, NO FREAKIN' DUH!

[McGruber]

Linus (or rather, the linux foundation) should sue for slander for anyone calling it "linux under windows."

Maybe we should call it NotGnuDows ?

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

Think of it as a shim. The binary makes the call to the shim, the shim calls windows code.

Re: Big, fat, NO FREAKIN' DUH!

[Junta]

Actually, it's not GNU either. It's an implementation of Linux kernel system calls. It only becomes GNU-ish after installation of Ubuntu libraries.

It's not a Linux kernel, it's not an emulator, it's an alternative implementation of Linux system calls.

Re:Big, fat, NO FREAKIN' DUH!

[gweihir]

And that matters why? You have the same translation layer, just in a slightly different place vertically.

Re: Big, fat, NO FREAKIN' DUH!

This is the first I've heard of this project.

Is this WINE in reverse?

Re:Big, fat, NO FREAKIN' DUH!

Going from SystemD to svchost.exe sounds like a lateral move to me.

Re: Big, fat, NO FREAKIN' DUH!

[infernalC]

So is it essentially a new POSIX interface? Why don't they just call it that?

Re:Big, fat, NO FREAKIN' DUH!

I don't know, it might be an improvement?

Re: Big, fat, NO FREAKIN' DUH!

[danbob999]

Exactly, but with the stupid "Bash On Ubuntu On Windows" name.

Re: Big, fat, NO FREAKIN' DUH!

[danbob999]

it's not a POSIX interface, it runs native Linux (not BSD, not OS X, not other POSIX OS) AMD64 binaries

Re:Big, fat, NO FREAKIN' DUH!

[DrXym]

A bad example since Cygwin is basically a kludge DLL with Posix functions and path mapping that allows recompiled binaries to think they're running against some kind of *nix environment.

A GOOD example would be coLinux which came out years ago and genuinely allowed a Linux dist like Debian to run in Windows at full speed. It wasn't a VM but used a modified kernel that ran over a low level driver. As far as the dist was concerned it was Linux but it was running over Windows.

Re: Big, fat, NO FREAKIN' DUH!

Does systemd load shared libraries with a common interface?

Re:Big, fat, NO FREAKIN' DUH!

[macs4all]

Only freetards insist on calling it GNU/anything. Bet you won't be calling it Oracle/Gnu/Linux if it has mysql or openoffice or Java installed. Same as you won't call it Adobe/windows if it has photoshop installed.

So, isn't OS X/macOS much closer to a "Linux hybrid" than this is? I know that macOS is not built on a Linux Kernel; but as far as being something other than just the smoke-and-mirrors thing that this appears to be, isn't macOS MUCH closer to the "heart of Linux" than this "Inverse WINE" clusterfuck?

Re: Big, fat, NO FREAKIN' DUH!

[Opportunist]

...and makes it REALLY hard for you to find out without any extra tools what exactly it loaded and with what parameters?

Re: Big, fat, NO FREAKIN' DUH!

Here's the silver lining. Security though obscurity is terrible.

Re:Big, fat, NO FREAKIN' DUH!

[slashrio]

I always thought 'linux' is the kernel, 'GNU' the operating system with some applications. Therefore: GNU/Linux.

Re:Big, fat, NO FREAKIN' DUH!

[TheRaven64]

It's exactly the same as FreeBSD's Linux syscall layer (and Linux's various SysV and so on syscall layers). Win64 is a higher-level set of APIs (the Windows syscall interfaces are not very documented and you're strongly discouraged from using them), this is not translating them into Win64, it's using the same kernel services that it uses to implement the syscall interfaces used by kernel32.dll to implement the Linux syscalls. Oh, and there's also an ELF loader.

Re:Big, fat, NO FREAKIN' DUH!

The whole GNU/Linux expression is because RMS invented most of a free OS, then Linus added a kernel to it.

Re:Big, fat, NO FREAKIN' DUH!

[TheRaven64]

That's not really a good way of thinking about it. A syscall layer translates from some public API into a set of internal calls used by the kernel. Windows provides a few syscall layers already (32- and 64-bit versions of the Windows system call layers, at the very least and others depending on the version of Windows that you're using). This provides another that translates from the Linux system calls.

Re: Big, fat, NO FREAKIN' DUH!

[almitydave]

Exactly, but with the stupid "Bash On Ubuntu On Windows" name.

Acronym is "BOUOW", pronounced "bow-wow".

Re: Big, fat, NO FREAKIN' DUH!

[Bing+Tsher+E]

A good example would be Interix, which is/was a whole posix subsysten that runs on the bare NT kernel, alonside the win32 subststem and whatever other subsystems you want.

And Interex even showed the danger of exposing layers like this On a Windows machine. Back in the day I worked in the software area of a medical device company that produced implantable devices. We all worked on a vast network that had NT, Solaris and OS/2 systems, for various parts of the build.

I installed Interix on my Win2K desktop to help me do some things (I was responsible for build/release and some testing). I discovered that for whatever reason, my new NT based posix workstation was inheriting the rights of my account on Solaris NFS shares across the network. As we all had admin access on our Windows boxes, I decided to create a throwaway user account on my PC with the username of one of the senior developers. By logging into this account, I had full access to alter, create, or delete the files owned by this developer. Interix totally bypassed the Solaris security system on our network.

Creepy discovery.

Re:Big, fat, NO FREAKIN' DUH!

freetards

Oh, grow up.

Re:Big, fat, NO FREAKIN' DUH!

[sjames]

That's because you have a usable system without a database or image editor. A kernel with no userspace isn't useful.

Re: Big, fat, NO FREAKIN' DUH!

One could argue it actually is Microsoft's current attempt at fucking Linux.

Re:Big, fat, NO FREAKIN' DUH!

No. OSX is derived from BSD.

Re:Big, fat, NO FREAKIN' DUH!

What you're referring to as Linux, is in fact, GNU/Windows, or as I've recently taken to calling it, GNU plus Windows

GWindows!

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

Wow, just wow. BSD was around long before linux. FreeBSD isn't just used to underpin OSX either - it's also the OS for the last few Playstations (FreeBSD 9 as modified by Sony).

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

The "translation" is not the same as done in, say, a JIT. There's no dynamic (or static) translation - you're dealing with precompiled binaries. People worked for a while on static translation, so that a binary from one platform would be translated into a binary on the other platform, but copyright issues killed that idea. shims have no copyright issues.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

And I say the same who insist on calling it "gnu/linux" - they lost, grow up and get over it. It's not gnu/linux any more than it's gnu/freebsd, gnu/osx, or (ahem) oracle/android.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

A user space without a kernel is useless. However, there's no reason anyone can't just add the code they want to the kernel to perform specific tasks, no user space required. The kernel's printk function isn't user space, even though it shows you all those pretty boot messages. The kernel can also do all sorts of other stuff, including interacting with the user by parsing the user's command-line arguments at boot time.

You can build any arbitrary functionality you want directly into the kernel - just the core kernel and a bunch of loadable modules (or you can even compile them right in so they're available without needing to be loaded by the module loader).

The question is why would you bother? In the context of this article, which is about security concerns, having no bloated user space means less of an attack surface.

Re:Big, fat, NO FREAKIN' DUH!

[TheRaven64]

Because you do not have the same translation layer at all. Cygwin translates POSIX library calls into Win32 library calls, which then invoke Windows system calls, which then implement the required functionality using Windows NT kernel services. In contrast, this implements Linux system calls using Windows NT kernel services. Translation is only happening in the same sense that the Windows NT kernel translates from kernel32.dll-issued system calls into its internal services. If you don't think that this is a significant difference, consider how fork() will be implemented by both.

Re:Big, fat, NO FREAKIN' DUH!

[sjames]

You're talking about welding a userspace onto a kernel. It can be done, but the Linux kernel doesn't do that. Nor does the GNU userspace have a kernel welded on it. Collectively, they provide a useful system. So, GNU/Linux.

Re:Big, fat, NO FREAKIN' DUH!

[macs4all]

No. OSX is derived from BSD.

I KNOW that OS X/macOS is a Unix, rather than a Linux-based OS (whereas Linux is a COMPLETELY separate Development "path" than ANY Unix); but since Linux is pretty-much nothing more than a "clean-room" implementation of Unix, I thought that since macOS actually DOES have a *nix-based Kernel (unlike MS' abomination), it might be a little more capable that this LoW (Linux-on-Windows) thing.

Re:Big, fat, NO FREAKIN' DUH!

[macs4all]

Wow, just wow. BSD was around long before linux. FreeBSD isn't just used to underpin OSX either - it's also the OS for the last few Playstations (FreeBSD 9 as modified by Sony).

I'm sorry. I didn't state my actual question very clearly.

What I meant was "Isn't macOS closer to what a Linux afficianado would "recognize" (once we get past the GUI stuff), than what MS has train-wrecked together here?"

Re: Big, fat, NO FREAKIN' DUH!

[danbob999]

They also call the underlying technology "Windows Subsystem for Linux (WSL)", while performing the exact opposite (it is a Linux Subsystem for Windows).
I guess it is what you must expect from a company placing all 64-bit files in System32 and 32-bit files in SysWOW64. And where x64 is greater than x86. x86-64 was too long so they removed a few characters.

Re:Big, fat, NO FREAKIN' DUH!

[gweihir]

For the discussion at hand, I fail to see a difference.

Re:Big, fat, NO FREAKIN' DUH!

I don't know... depending on your Linux user, one might prefer Windows over systemd. At least with the former, you have some options and control

/ :P

Re: Big, fat, NO FREAKIN' DUH!

http://www.gentooexperimental....

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

Nobody gives a shit about calling it gnu except a few freetards. Most of the software on the typical distro dvd is NOT gnu. Go suck some more of stallman's foot cheese.

Re: Big, fat, NO FREAKIN' DUH!

And which of those is killing your CPU and trashing your disk!

Re: Big, fat, NO FREAKIN' DUH!

Uh, that's how NFS is designed to work (before/without Kerberos or some horrible hacks).
Whoever allowed a not-100%-verified-trusted computer to access NFS was careless and to blame for it.
All you did was discover a massive security hole in your setup that anyone could have exploited with a custom NFS implementation, a Linux boot disk or 10s of other ways, Interix only made it easy.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

Wow, just wow. BSD was around long before linux. FreeBSD isn't just used to underpin OSX either - it's also the OS for the last few Playstations (FreeBSD 9 as modified by Sony).

I'm sorry. I didn't state my actual question very clearly. What I meant was "Isn't macOS closer to what a Linux afficianado would "recognize" (once we get past the GUI stuff), than what MS has train-wrecked together here?"

Sorry if I misunderstood. It would be if it weren't for "the Apple way" stuff getting in the way. Same as Ubuntu is more usable without unity. I guess we all have our preferences. That being said, anyone who already wanted a collection of *nix utilities to run under windows will have already downloaded cygwin, which has really improved.

Re:Big, fat, NO FREAKIN' DUH!

[macs4all]

Sorry if I misunderstood. It would be if it weren't for "the Apple way" stuff getting in the way.

No worries. As I said, I think I didn't state my question too clearly. And quite frankly, I'm not sure I did much better on the second attempt, LOL!!!

"The Apple Way" stuff you are referring to: Are you talking about the GUI, or macOS' propensity to play a bit of hide-and-seek against the casual browser of System files (which is easily defeated temporarily or permanently) (caution: Sound on that Page)? By the way, that stuff works on other "Hidden" Directories, too. Or are you talking about something(s) else?

Re:Big, fat, NO FREAKIN' DUH!

[sjames]

Actually, I was just pointing out how weak your particular argument is. I don't personally get all that bent out of shape over it (though apparently you do). I'm not really sure how big your ass is, so if I need to yell louder for you to hear me, just let me know.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

The UI. My sister loves hers, and she can keep it. Mind you, it's pretty long in the tooth now, but still runs just fine, which justifies the premium she paid for it.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

If you were pointing out how weak my argument is, you failed. Nobody calls a system by combining the name or brand of the user space programs with the kernel on any computer. Not OSX. Not Linux. Not *BSD. Not Windows. Trying to make an exception for linux by referring to it as gnu/linux is for, as I said, freetards.

Otherwise, all those graphic artists would be running Adobe/Windows, not Adobe Photoshop ON Windows. Nor do we have Java/Android/Linux (or if Oracle had their way in court, Oracle/Android).

Re:Big, fat, NO FREAKIN' DUH!

[UnderCoverPenguin]

You are NOT running linux under windows. There is no such thing. Even Canonical admits that.

In this case, Linux, itself, is not being run. So, should not be called "Linux on Windows" or any variation of "Linux".

However, CoLinux wraps a Linux kernel in a Windows driver so Linux runs directly on the CPU, along side Windows, with no virtualization. This is a "headless" and diskless Linux, requiring an Xserver running under Windows and a fileserver on Windows. Also, the project is very limited and has little activity.

Re:Big, fat, NO FREAKIN' DUH!

[sjames]

Perhaps that's because it's the same for OSX and BSD. It makes sense to abbreviate BSD/BSD as BSD. There is also BSD/Linux and GNU/Hurd.

Re: Big, fat, NO FREAKIN' DUH!

[TranquilVoid]

To be as charitable as possible, it could be correct English in the sense of Windows-owned Subsystem for Linux purposes

Re:Big, fat, NO FREAKIN' DUH!

[macs4all]

The UI. My sister loves hers, and she can keep it. Mind you, it's pretty long in the tooth now, but still runs just fine, which justifies the premium she paid for it.

Well, it is interesting that there are quite a few KDE themes that emulate OS X, but nobody trying to get KDE (or anything that looks like it) running under OS X. ;-)

And all ya gotta do is launch Terminal, and you can bask in the Shell of your choice. Best of both worlds.

But make no mistake: OS X/macOS is quite serious. BTW, check out the Bill Joy quote at the bottom of that page...

Re: Big, fat, NO FREAKIN' DUH!

[Jeremiah+Cornelius]

Well, I'm shellshocked about this. My heart bleeds.

Re:Big, fat, NO FREAKIN' DUH!

You actually have no verifiable sense of humour.

Re: Big, fat, NO FREAKIN' DUH!

The Windows system is underneath the Linux system. That makes Windows the subsystem.

Re:Big, fat, NO FREAKIN' DUH!

Because who wants to recompile/port the source for every app like you have to do for cygwin when they've re-implemented the Linux ABI and you can run the same binaries? You get to use all those apt sources out there without convincing people to build for another arch.

No idea how useful this is going to be but as someone else in the comments wrote, it's like reverse WINE.
They get working apps on this new thing (platform?) for free basically.

I'm sure someone out there in Windows land will like it.

Re: Big, fat, NO FREAKIN' DUH!

[almitydave]

I guess it is what you must expect from a company placing all 64-bit files in System32 and 32-bit files in SysWOW64. And where x64 is greater than x86. x86-64 was too long so they removed a few characters.

Ugh. This still drives me crazy. And don't get me started on how much a directory named "Program Files (x86)" messes up batch scripts.

Re:Big, fat, NO FREAKIN' DUH!

[david_thornley]

The main reason to call it Gnu/Linux, as I see it, is that the Linux kernel by itself is useless without some sort of additional code, which in Linux distros is typically from the Gnu project. The combination of Linux kernel with Gnu userland is useful, so Gnu/Linux refers to the components in the basic system.

Also, the use of the word "freetards" generally marks the user as not worthy of further listening.

Re:Big, fat, NO FREAKIN' DUH!

[david_thornley]

If you need to stick two childish insults into a three-sentence post, you don't have an argument. (The third sentence doesn't respond to what you were theoretically responding to either, but it's a true statement with no insult.)

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

Doesn't explain why you don't call it osx/freebsd, so no, it's not the same for OSX.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

sorry, can't check out the quote - the site is down.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

Freetards are free to do whatever they want, doesn't mean that it's not retarded. And you not only read on, you replied, so obviously I must be some sort of brilliant exception if you deemed to not only read, but reply :-)

We don't call it OSX/BSD, even though just the BSD kernel, without any userland, is not going to get you very far. Same with windows, just the windows kernel won't get you much. Same with any kernel. However, that's how people refer to their operating systems - not by add-ons, because those can vary extensively and any one part is optional, whereas you usually need a kernel of some sort ...

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

And yet you continue to respond after claiming that anyone who uses the term freetard is not worthy of reading any further.

Seems that makes you a retard freetard. Now, why would I continue to try to argue at a higher level with a retard? That would be retarded; better to use words and concepts you can understand and respond to, even if only retardedly.

And before you get all pissy - you're the one whose actions defined you as retarded.

Re:Big, fat, NO FREAKIN' DUH!

[macs4all]

sorry, can't check out the quote - the site is down.

Must be hosted on someone's home PC. It's back up now...

But the page was just a list of the command-line "verbs" available in OS X/macOS.

The quote was:

"“Mac OS X is a rock-solid system that's beautifully designed. I much prefer it to Linux” - Bill Joy"

Re:Big, fat, NO FREAKIN' DUH!

[sjames]

Whatever. It is now officially 'George' better? Wouldn't want your liver to explode of something.

Re:Big, fat, NO FREAKIN' DUH!

[david_thornley]

I paid no attention to what you were trying to say, but suggested how you can argue more effectively and without offending people unnecessarily. I'm not going to get at all pissy about this, since you aren't being worth getting annoyed over, but I do suggest you rethink how you write.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

Look, you got caught bullshitting that "Perhaps that's because it's the same for OSX and BSD. It makes sense to abbreviate BSD/BSD as BSD," because OSX is referred to solely as OSX, despite it's underpinnings. It's linux, not GNU/linux, even according to your example, same as OSX and BSD. Just fess up to it that being a freetard isn't going to cut it with people who haven't swallowed the purple flavorade.

And also keep in mind that the GPL (all versions) is less free than the BSD license, which lets you use the code any way you wish, with no restrictions on distributing BSD code in your work. That, after all, is why both Sony and Apple use it.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

Caught you again. You obviously paid attention to it - that's what is known as "reading." Or are you really that much of a redtard freetard not to understand that?

As for writing offensively, I find freetards insisting on calling it gnu/linux offensive. So do many others. Maybe you should practice what you preach about not being offensive if you don't want to be labeled a freetard.

Especially since the GPL is not a free license, unlike the BSDs. Only a freetard would argue otherwise.

Re:Big, fat, NO FREAKIN' DUH!

[sjames]

I think I heard a BLAM. Sorry to hear about your liver.

As for OSX, you should know that once marketing gets involved, all bets are off.

Re:Big, fat, NO FREAKIN' DUH!

[BarbaraHudson]

So, calling it Gnu/linux is a marketing strategy, nothing else. A marketing strategy by freetards that never caught on with the masses, btw, because freetards don't have either foot in the real world.

Hack WIndows, then Linux to access Windows?

[Maow]

This seems circular:

Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows.

Is this some privilege escalation scenario for the original "Windows applications" against its own system via Linux subsystem?

Isn't that a bigger problem with the subsystem implementation?

Re:Hack WIndows, then Linux to access Windows?

[mysidia]

This seems circular:

It's totally circular..... you compromise the windows bits, then use the compromised Windows bits to compromise the Linux bits, then use the compromised Linux bits to compromise the Windows bits.

Why wouldn't you just use the initially-compromised Windows bits to wreak your evil and be done with it, then?

Unless your evil is corrupting the Linux-based application and making the Linux application serve bad data..... but that's not

sir[rosomg eother/ riw jbiw///

Re:Hack WIndows, then Linux to access Windows?

[The+MAZZTer]

mzzt@TEMPE:/mnt/c/Windows$ touch ./test
touch: cannot touch ‘./test’: Permission denied

Doesn't seem to be a problem from that angle at least. Sounds like FUD.

Re:Hack WIndows, then Linux to access Windows?

[arth1]

You're a regular user and don't have write access to the Windows directory - I don't think that's the problem.

More likely problems are:

- What is "root" mapped to? In windows, an Administrator account does not have full privileges - you need a local or remote system account for that.

- How about setuid and setgid executables? setgid in particular can be problematic, given that Windows doesn't have a concept of both a user owner and a group owner - there's just an owner, and any number of acls.

- Are setfattr and similar commands supported? Windows and Linux stores special privileges as file attributes, and if you can set them, you might open up for gratuitous privilege escalation of the "other" side.

- Are chattr and similar commands supported, and obeyed on the Windows side too? If I "chattr +i file", can I still modify it on the Windows side? Will chattr +d prevent backup?

- Are hardlinks and/or bind mounts now supported? That can give continued access to files or directories after an admin or the system has revoked access to a parent directory.

- What about loop mounts? If supported, I could see vectors of attack, especially through autoplay.

- What about the Windows reserved names, like CON, PRN, NUL, COM1 and such? Linux has no problem with those names.

There's just a lot of stuff to think through, from both a Windows angle and a Unix-like angle. Hopefully, Microsoft has managed to make it safe, two-ways, and let caution prevail over convenience.
But I wouldn't bet my house on it.

Re:Hack WIndows, then Linux to access Windows?

[BarbaraHudson]

Repeat after me - there is NO linux subsystem. You're just running some ubuntu user space code the same way that linux can run windows code - think "wine".

Re:Hack WIndows, then Linux to access Windows?

[Aighearach]

If you're running code locally, why is it even a compromise? Isn't it allowed to delete your stuff, if that is what it does?

Re: Hack WIndows, then Linux to access Windows?

[hackwrench]

You are clearly using a different definition of subsystem than I am, but then I seem to be using a definition of subsystem that has more to do with the line between it and the rest of the system as opposed to what it is actually doing under the hood. In fact, the way I use subsystem 32-bit builds of Windows still have a DOS subsystem, as they can run DOS programs without a separate program, like DOSBOX but if 64-bit Windows had a 16-bit emulator and ran the stuff from 32-bit Windows transparently, it would have a DOS subsystem.

Re: Hack WIndows, then Linux to access Windows?

[BarbaraHudson]

It's not a linux subsystem, despite what microsoft calls it. They even admit there is NO linux kernel code in their "linux" subsystem, same as there's no windows kernel code in Wine. All it can do is run a subset of ubuntu userland code.

Re:Hack WIndows, then Linux to access Windows?

[bluefoxlucid]

So, a self-contained system inside a larger system isn't a subsystem?

Implementing such a thing in userland is, in fact, a valid way to make a subsystem. Linux's own dynamic loader is a userspace program (the Linux kernel doesn't know how to load dynamic shared objects); and some systems (e.g. Minix, L4) implement their entire native execution environments and even hardware drivers in userspace.

Besides that,

The Windows Subsystem for Linux includes kernel mode drivers (lxss.sys and lxcore.sys) that are responsible for handling Linux system call requests in coordination with the Windows NT kernel. The drivers do not contain code from the Linux kernel but are instead a clean room implementation of Linux-compatible kernel interfaces. On native Linux, when a syscall is made from a user mode executable it is handled by the Linux kernel. On WSL, when a syscall is made from the same executable the Windows NT kernel forwards the request to lxcore.sys. Where possible, lxcore.sys translates the Linux syscall to the equivalent Windows NT call which in turn does the heavy lifting. Where there is no reasonable mapping the Windows kernel mode driver must service the request directly.

WSL uses a kernel-level interface to perform the actions required to satisfy POSIX and Linux system behaviors. This includes everything from procfs to execve() calls. File system permissions management is handled by kernel-level decisions on whether or not a program's effective permissions and capabilities mesh with the file system ACL (which is stored as extended NTFS attributes).

WSL doesn't use a kernel-level dynamic loader, and neither does Linux; as you pointed out, it loads ELF programs by using a PE executable process to bring the file into memory appropriately, like Wine. It's only necessary to have one type of kernel-level executable; all others can use a userspace loader, which is why Linux proper only supports static-linked executables and calls ld-linux.so to perform dynamic linking.

You appear to have made yet another post full of wrong information just to be aggressive and mean to other people. It's like your whole day revolves around finding ways to be an asshole to everyone else.

Re: Hack WIndows, then Linux to access Windows?

[bluefoxlucid]

BarbaraHudson is a known-super-bitch. Her posting history consists of personal attacks on everyone else in a desperate attempt to cover her own insecurities. The same goes for her facebook page, except occasionally she feeds stray cats and talks about how everyone else is assholes because she's the little angel taking care of the poor animals.

She crossed me once in the worst way--by spouting stupidity and incorrect information--so I'm temporarily amusing myself by reminding everyone she's a cunt every time she gets a little cunty.

Re: Hack WIndows, then Linux to access Windows?

Windows NT has and has always had group identifiers on securable objects. It's just not exposed via the UI for managing file system permissions.

Windows also has primary groups. In an Active Directory environment, your primary group is "Domain Users" unless changes, and unless someone has used the POSIX, Interix, or UNIX subsystems, they're probably unaware of it. There's a hint in the CRRATOR_GROUP well known SID, however.

NTFS has always had hardlinks. Symbolic links are relatively new, though. Don't confuse them with shortcuts, which are just serialized instances of ShellLink COM objects.

Re: Hack WIndows, then Linux to access Windows?

It's a subsystem in the Windows sense. The Windows subsystem is just software that translates Win32/64 APIs to kernel calls, and the Linux subsystem is just software that translates Linux APIs to kernel calls. You need a subsystem in Windows to implement binary compatibility without a recompile.

Popular subsystems of yesteryear include OS/2, POSIX, Interix, UNIX, and FX!32.

FX!32 was especially cool for its time. The subsystem included a JIT compiler to convert x86 to Alpha for optimized execution of x86 Windows code. Java did this eventually. UltraHLE made it mainstream before Sun by running Nintendo 64 code on x86 and 3dfx.

Re: Hack WIndows, then Linux to access Windows?

And you're a thin-skinned, mysoginist asshole--a trump.

Re:Hack WIndows, then Linux to access Windows?

[almitydave]

If you're running code locally, why is it even a compromise? Isn't it allowed to delete your stuff, if that is what it does?

I would think the danger is privilege escalation: since Windows now includes some basic sandboxing and system protection from apps in user space, if such an app were able to use the Linux-y part of Windows to run code with system access, then hilarity would ensue.

Re: Hack WIndows, then Linux to access Windows?

[macs4all]

She crossed me once in the worst way--by spouting stupidity and incorrect information--so I'm temporarily amusing myself by reminding everyone she's a cunt every time she gets a little cunty.

To me, you just sound like a Microsoft Shill who is all butthurt because BarbaraHudson called this so-called "LinuxonWindows" (LoW) out for the cruel joke that it is.

Re: Hack WIndows, then Linux to access Windows?

[Bing+Tsher+E]

You are well known for typing the kind of stuff thatx I am replying to with this comment.

Just cut it out, please.

Re:Hack WIndows, then Linux to access Windows?

[BarbaraHudson]

No, because in this case there is no linux kernel code in it. Drivers are not kernel code - that's why the whole fuss about free/open and proprietary drivers, and how the linux devs refuse to look at bugs that the dump reveals are using a tainted kernel - one that is running on a system with proprietary drivers. You would know that if you had a clue, instead of being determined to be an ass.

Re: Hack WIndows, then Linux to access Windows?

[BarbaraHudson]

And yet it's not "linux on Windows", and can't be considered that. Same as wine is not "windows on linux". And for the purposes of this article that is whining about security, you cannot exploit bugs in the linux kernel when the linux kernel isn't even there. They should take a hint from the wine developers and call it "talea" - "this ain't linux, enough already" (with the hype).

Re:Hack WIndows, then Linux to access Windows?

[bluefoxlucid]

Kernel-mode drivers are not kernel code. There's some news for you. What other pearls of wisdom do you have? Starches are not carbohydrates?

Re: Hack WIndows, then Linux to access Windows?

[bluefoxlucid]

Maybe I just hate people passing around wrong information. How is "this isn't a subsystem and it doesn't do anything in the kernel" accurate when the syscall interface is implemented in the kernel and uses kernel facilities to provide POSIX and Linux kernel facilities?

Sounds like you prefer politics over facts.

Re:Hack WIndows, then Linux to access Windows?

Uhm, Windows has had user and groups since Windows 2000, as far as I recall. Certainly since XP.

Re:Hack WIndows, then Linux to access Windows?

[BarbaraHudson]

WTF? Can't you even read? If you're going to try to troll me, at least put a bit of effort in it.

Re: Hack WIndows, then Linux to access Windows?

This is really an existential question. What's Linux? The interface or the implementation? If no one uses the interface, is Linux still a thing? If the two are inseparable, I suppose it's fair to use a negative jargon acronym. In the end, though, if I can run unmodified Linux x86/64 binaries on Windows, then it looks enough like Linux to not really matter.

Re: Hack WIndows, then Linux to access Windows?

[BarbaraHudson]

If you run them but you don't get the exact same usage (for example, being able to create files in a directory that are called Makefile and makefile and MAKEFILE, or SomeClass.java and SOMECLASS.java (the second one used like a c header file to contain class variables declared final used by SomeClass and possibly other classes, and not just descendants) and see them all in Windows Explorer or the Windows version of Eclipse) because the underlying Windows subsystem doesn't support it, even when you change the register key to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\obcaseinsensitive to zero, it may NOT be "good enough", even though cygwin64 has no problems with it.

Re: Hack WIndows, then Linux to access Windows?

[hackwrench]

And there is no DOS in their DOS subsystem and it only supports a subset of the DOS API.

Re:Hack WIndows, then Linux to access Windows?

[bluefoxlucid]

The WSL implements a subsystem that runs Linux programs in the same way Linux has subsystems that run BSD programs. Windows95 and such had Win16 subsystems as well.

Drivers are not kernel code.

You're trying to argue that there is no Linux subsystem because Linux itself isn't running in some form of hypervisor--thin (e.g. paravirtualization, like Xen) or otherwise. That wouldn't be a subsystem; it would be a virtualized operating system running distinct from the main OS. The fact is Windows 10 now provides a partial implementation of Linux--it provides the executable loader and kernel facilities--in the same way ReactOS provides a partial implementation of Windows, with the distinction that ReactOS is primarily a Windows system and Windows is providing a Linux subsystem.

Oh, and it's implemented in Windows kernel code.

You need everyone in the world to be wrong so you can be right and pat yourself on the back. You're the kind of person who will make ludicrous arguments about how spaces are 6 square feet smaller because they have a door (never mind that you could just use a pocket door) and ignore real data in favor of just calling your opponent wrong and preening your feathers.

Barbara "No Wire Hangers!!!" Hudson

Re:Hack WIndows, then Linux to access Windows?

[mysidia]

Windows now includes some basic sandboxing and system protection from apps in user space, if such an app were able to use the Linux-y part of Windows to run code with system access

I would call that a bug in the sandboxing. If the Linux code is running as a system identity, then why should a sandboxed process be allowed to directly modify its memory?

If the sandboxed app has the privileges to do that, Then Wtf is the 'sandboxing' in the first place?

Re:Hack WIndows, then Linux to access Windows?

[BarbaraHudson]

So you're saying Ubuntu is wrong when they say that "ubuntu for windows" isn't linux? Sheesh - why not go tell them that, I'm sure they really would like you to correct their mistake.

Clickbait

[real+gumby]

What kind of "new threat" is this? All he's saying is that running code on a machine can have affect its state.

Re: Clickbait

Agreed clickbait. Running a code on a machine makes it useful. Code allows, and is called a program. The program is created to be used by the originator, otherwise all the devices it is used on are useless.
Odd, is this why, Ms makes it so hard to have a dual boot machine, what about, Ms and it's support of open source Linux, is the question really, is ms working its way closer to boot level spying? Or coming closer to boot level spying, by lower privledges ledges for other oses!
It's likening in appearance to Google tips.

Re: Clickbait

[omnichad]

9 commas, and maybe one used correctly? Just remove that key from your keyboard - you don't deserve it.

Re: Clickbait

[macs4all]

9 commas, and maybe one used correctly? Just remove that key from your keyboard - you don't deserve it.

Perhaps English isn't the AC's first language, eh?

Re: Clickbait

[omnichad]

They did a good job making native English errors with it then. Quite a few of the languages that have a comma use it the same way as English.

Its only available if you enable developer mode

You have to enable developer mode in order to enable the Ubuntu Linux features, basically anything you can run in a shell, and while this implementation might be flawed its nowhere near as bad as Cygwin. Plus with cygwin you have to re-run the %$@ing GUI-based installer every time you need a patch instead of simply using apt-get. I am very much looking forward to dumping cygwin ASAP.

Re:Its only available if you enable developer mode

[garlicbready]

I'd recommend switching to MSYS2 since it can handle updates via the pacman command and does everything Cygwin can do

*yawn*

[jargonburn]

The Server Application in Windows 10 isn't running inside of a hypervisor; it's "running on the OS, getting all the benefits of performance and system access, as well as expanding the potential attack surface." eWeek reports on a new threat discovered by Alex Ionescu, the chief architect at cybersecurity company Crowdstrike, which begins with the fact that "The Windows file system is also mapped to the Server Application, such that the Server Application will get access to [...] files and directories."

Ionescu says "There are a number of ways that Windows applications could inject code, modify memory and add new threats to the Server Application running on Windows." According to eWeek, "The modified Server Application code in turn could then call Windows APIs and get access to system calls to perform malicious actions that might not be mitigated."

I'll Tell you what else increase your attack surface: Turning the computer on.
Didn't RTFA (naturally!), but the summary fails to convince me that this is more than incrementally worse than running...well...MOST applications that do anything useful on Windows.

Re: *yawn*

[silverdirk]

The first thing that comes to my mind is wondering how MS mapped windows users to linux UIDs. When linux is allowed to access the filesystem there could be all sorts of things to abuse in the permission translation. I would be interested in an article describing the design decisions though, instead of one generically predicting doom and gloom.

Re: *yawn*

[Drumhellar]

This is how UIDs are mapped: Each windows user gets their own copy of Ubuntu installed, located in %LOCALAPPDATA%\lxss. Users exist entirely within the individual Ubuntu installs, so a Windows user can have multiple Linux users within his own virtual Linux filesystem. Files created outside of the Linux environment all have a UID and GID of 0, while the initial default user has a UID and GID of 1000. Only files created within that Windows Users's Ubuntu install have UIDs known to their own Linux install. Of course, this is just how it looks to Linux programs. It is still ultimately limited by the Windows User's own individual permissions throughout the rest of the Windows system.

Re: *yawn*

[tlhIngan]

The first thing that comes to my mind is wondering how MS mapped windows users to linux UIDs. When linux is allowed to access the filesystem there could be all sorts of things to abuse in the permission translation. I would be interested in an article describing the design decisions though, instead of one generically predicting doom and gloom.

Probably some mapping of the user SID to a UID is my guess. After all, the UID is just a user representation, and internally it gets translated into a normal Windows SID that the kernel uses for all actions.

Honestly, it's a load of hyperbole. The Linus subsystem is not running Linux. It's running the Windows kernel, and the kernel is enforcing all the standard security mechanisms it always had. If you can't write to a file in Windows, you certainly can't on Linux subsystem. (All of Windows' security is enforced in the kernel anyways).

The Linux subsystem is only a bit more than the standard subsystem mechanism on NT - you know, the ones that could run Win32, OS/2 and POSIX apps? Each one of those is a separate subsystem, and because of that, there were pesky limitations (POSIX applications can't interact with Win32, because the only commonality is... the kernel).

What Windows 10 can do is run Linux userspace binaries by emulating the Linux syscall interface. It's no different than the FreeBSD mechanism that existed for years.

Hell, if you want to get technical, call it GNU/NTOSKRNL. That's all it is. It can run Linux binaries on Windows, in this case, Ubuntu 14.04.

Re: *yawn*

OK, so what does that mean security wise?
That Windows really doesn't consider anything in the Linux environment to be of importance so you don't really need administrative privileges to write to files with UID/GID 0?
Or are files previously created protected from any Windows user in any way?

Re: *yawn*

[BarbaraHudson]

Whoa, cowboy. There is no "linux environment." This is NOT linux under windows. Even Ubuntu admits that. They do NOT get their own copy of ubuntu installed, just the userland. BIG difference.

Re: *yawn*

Hell, if you want to get technical, call it GNU/NTOSKRNL.

Seems excessive. Presumably it should be fairly simple to run the Ubuntu packages directly which means that it is a bit of a detour to go through bash and the rest of the GNU tools every time you want to do something. And as far as I'm concerned the non-GNU packages are of higher interest than the GNU ones.

Re: *yawn*

[Megol]

GNU/NTOSKRNL is only logical if installing any GNU-licensed software on a Windows system suddenly turns the system to a GNU/Windows system. GNU/Linux is at least somewhat logical as everything vital in the system _is_ GNU licensed and the GNU project software is an important part of the user experience.

Re: *yawn*

[norweeg]

probably like cygwin did it. Not sure exactly how it did that, but files viewed from cygwin bash had Unix-styled permissions

Re: *yawn*

[omnichad]

GNU/Linux is not named after the GPL license. At all. It just happens to be the same people involved in drafting it.

Re: *yawn*

[Megol]

No it is not named after the license. But "At all" seems a bit strong as GPL = GNU Public License and the GPL is the base of FSF activities including the GNU userland which is where the GNU/Linux name comes from.

Re: *yawn*

[omnichad]

You sound like one of those people that calls "Microsoft Office" Windows.

Re: *yawn*

[Drumhellar]

Security wise, it means little. Each Windows user has his own private copy of the Linux environment. UIDs and GIDs are enforced in a standard Linux way, so no using the default user to create files owned by root in the virtual filesystem. Outside of the Linux environment, everything appears to be owned by root, and files created are owned by root - the same as if you mounted a FAT32 volume under Linux, but gave users write access to the volume. However, there is still per-file and per-directory read/write permissions, so as a Linux user, you can still access your Windows user files (Since you have read/write access), but are still denied those privileges to the files of other Windows users. A true "root" user only exists within that Linux environment, and only matters within the virtual FS provided by the Linux subsystem. Ultimately, everything is still governed by Windows' own security, and Linux subsystem and everything it does ultimately only has access that the Windows user has access to. There is no method for privilege escalation, either, barring any bugs in the Windows kernel components.

Re:*yawn*

[macs4all]

I'll Tell you what else increase your attack surface: Turning the computer on. Didn't RTFA (naturally!), but the summary fails to convince me that this is more than incrementally worse than running...well...MOST applications that do anything useful on Windows.

True enough; but there "Increments" come in all sizes, shapes and forms.

If history has anything to inform us with here, it is that Microsoft is REALLY bad at securing inter-process communication. (e.g. Windows Shatter Attack?). And this looks to be one HONKIN' huge inter-process conduit...

Re: *yawn*

[Bill,+Shooter+of+Bul]

Not sure if you're joking, but it doesn't work that way.

All ubuntu stuff goes through the window subsystem for linux ( a linux to windows syscall translator). It doesn't go through "bash"

Yes, but does it run Linu...

... nevermind, too easy.

Re:Yes, but does it run Linu...

no but it'll run GNU

Nice Try. Let me correct you.

[Hylandr]

a two-headed beast that can do a little Linux and can also be used to attack the Linux side of the system.

FTFY

Re:Nice Try. Let me correct you.

[drinkypoo]

a two-headed beast that can do a little Linux and can also be used to attack the Linux side of the system.

Privilege escalation is not a new thing. If you trust any Microsoft container solution to be unbreakable, you deserve exactly what you get.

Crazy Talk

[frovingslosh]

This is just crazy talk. If I'm running Windows I obviously don't care about security.

Don't run root

[Billly+Gates]

Just like Linux you need to have special privileges to change anything important with the ACL lists of NTFS just like ext3.

I highly doubt malware will target this. I mean besides those using SQL insertion exploits for server databases no one targets Linux on the desktop. No one is going to be running a server with this anyway.

Re:Don't run root

[Hylandr]

And now someone is going to do it just because you said nobody would. It's the Linux way.

Re:Don't run root

[Antique+Geekmeister]

What they can, and will, target is privileged credentials in the user's home directory. Linux users, for example, sometimes keep SSH private keys or GPG keys in their home directory. Those now become vulnerable to Windows tools that are poorly secured and allow filesystem access to well defined home directory locations.

Conversely, many careless Windows users run their personal user account with Administrator privileges on their Windows machine, to make certain types of work easier. This makes Linux hosted attack vectors, such as running an SSH daemon, or SFTP, expose critical parts of the native Windows filesystems that the owner of the system may not have thought about.

It's also very much the same problem that CygWin and Windows have shared for years, so it's not a very new attack vector.

Re:Don't run root

[dominux]

I wouldn't be too sure about not running servers on this. Plenty of places really really want to have a standard build of windows on all their servers without exception. Plenty of developers want their stuff to run on a well understood LAMP stack that isn't a complete and utter pain in the arse to install and update. WSL lets everyone be happy - not sure it can run background services properly yet, but there is certainly a use-case for it running servers. Now whether such a machine is vulnerable to this kind of exploit is a bit of an open question. This seems to be describing a potential privilege escalation by writing into the memory of Linux applications, which seems like something that shouldn't be allowed by the windows kernel.

Re:Don't run root

Those now become vulnerable to Windows tools that are poorly secured

So they've always been vulnerable to Linux tools that are poorly secured? Given people still store such stuff in such locations presumably it's not the huge issue you're making it out to be?

many careless Windows users run their personal user account with Administrator privileges on their Windows machine

This hasn't been true since Windows Vista (so, over 10 years). Windows users doing this is no more common than Linux users doing all their work as root. It happens, I guess.

Re:Don't run root

[The-Ixian]

Linux users, for example, sometimes keep SSH private keys or GPG keys in their home directory. Those now become vulnerable to Windows tools that are poorly secured and allow filesystem access to well defined home directory locations

How is this different from any other secure file you might have on your computer? If the malware has file system access and permission to read the files that you have access to, then it has access to the files....

I have private keys in the form of PuTTY .ppk files on my Windows box. I also have private keys in the form of id_rsa on my Linux boxen. Those files exist in places that I have access to... so would malware, if it got installed.

I am trying to understand why this is somehow more of a security risk (other than from increased attack surface).

Re:Don't run root

[macs4all]

I highly doubt malware will target this.

Funniest thing I've read all day!

Re:Don't run root

[macs4all]

Plenty of places really really want to have a standard build of windows on all their servers without exception.

Oh, I am SURE the Computer Priesthood will absolutely LOVE this! All the insecurity of Windows with all the Obscurity of Linux, rolled into one hard-to-troubleshoot package; yay!!!!

Re:Don't run root

[Billly+Gates]

Dude WSL is no way NEAR server grade stability.

If you have a MS lacky CIO you run these in Hyper-V oin a VM and run the OS host natively than use a hack like this.

Re: Mein Gott im Himmel!

[Billly+Gates]

They have a hypervisor. It is called Hyper-V if you care and supported Ubuntu for awhile now.

Fuck yeah

I have the best firewall of them all - scissors and aluminum foil

Embrace, Extend, Extinguish

I just don't know which one will be extinguished, Windows or Linux, or if it's mutually assured destruction

Attack the Windows side of the system?

[PPH]

We've pretty much written Windows off years ago.

Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows.

Windows has been able to do that to itself for years. No Linux needed.

Re:Attack the Windows side of the system?

Yeah, but it's nice to accuse Linux. The next step is to ban Linux from the system - Even in dual-boot.
Just make sure Linux cannot longer boot on all systems (they are halfway there), and the "problem" is solved...

Re:Attack the Windows side of the system?

[Bill,+Shooter+of+Bul]

I think the point here was to sell the fancy expensive firewalls. to monitor for suspicious "linux activity".

The Linux in Windows 10

> The Linux in Windows 10

There is _no_ 'Linux' in Windows 10. Linux is the kernel used by 'Linux distros' and other stuff, such as Android.

Windows 10 has an emulation layer that looks like Linux, just as WINE isn't a Windows kernel but it looks like one.

Ubuntu bash and other stuff isn't running on 'Linux' it is running on Microsoft's emulation.

How big a target will this be?

[HalAtWork]

I'm not sure if many people will install this functionality to begin with aside from developers, the target may be too small to justify

Re:How big a target will this be?

I agree with you that potential target audience is rather small. However I feel that if attackers were really smart they would use this path. Think about how many production systems might be accessed by compromising developer machine. Wanna guess what 'conversion rate' they might have after encrypting production database / file system? Backups? Who needs backups? ;-)

Re:How big a target will this be?

[WheezyJoe]

THIS. The linux-compatible subsystem is NOT installed by default, and a user has to go through a lot of non-easy hoops to get it installed. That is, it's not simply a matter of opening the Windows Store and clicking on a colorful icon of a skimpy-dressed female holding cash in one hand and a machine-gun in the other. There are a plurality of steps, all boring, any one of which would likely cause your typical sucker-user to lose interest.

However vulnerable this turns out to be ("hey, handsome, are you MAN enough to copy this BASH script and RUN it on your big firm Terminal?"), this net is NOT likely to catch a lot of fish.

While in the Real World, WSL is contained

[CrashNBrn]

Windows Subsystem for Linux processes cannot directly interact with either the win32 subsystem or processes.

Windows Subsystem for Linux Overview [img] :: https://msdnshared.blob.core.windows.net/media/2016/04/LXSS-diagram-1024x472.jpg or WSL System Calls & [img] :: https://msdnshared.blob.core.windows.net/media/2016/06/syscall_graphic.png

Re:While in the Real World, WSL is contained

[bluefoxlucid]

Thanks, was looking for this. You can't even launch Windows PE binaries.

Running software on a computer

[srw]

So, basically what he is saying is that if you can run software on a machine then you'll also be able to run software on that machine.

Or am I missing something?

And the award goes to...

[duke_cheetah2003]

Captain Obvious award for Alex Ionescu, the chief architect at cybersecurity company Crowdstrike. Congratulations!

Shill

[eWarz]

Very few people (except developers) will have WSL running on their machines. WSL is isolated from Win32 except via FS access. Just based on it's current state, WSL is practically impossible to exploit thansk to it's limitations. Alex Ionescu is (was?) a ReactOS 'developer'. He has a beef against Microsoft. Disclaimer, in a past life, I was a ReactOS core developer for a certain period of time in the late 90s to early 2000s.

Re:Shill

[truedfx]

except via FS access

Network access too, right? It wouldn't surprise me if there are default Windows network services that allow the Linux subsystem to effectively execute Win32 programs this way.

Re:Shill

WSL can't execute Win32 programs. It doesn't understand what they are.

$ /mnt/c/Windows/notepad.exe
bash: ./notepad.exe: cannot execute binary file: Exec format error

Win32 doesn't understand what ELF programs are either.

Re:Shill

[StormReaver]

Alex Ionescu is (was?) a ReactOS 'developer'. He has a beef against Microsoft.

Every sane person on the planet has at least one major, legitimate beef against Microsoft. If you don't, you're either very young, idiotic, or both.

Re:Shill

[bluefoxlucid]

Alex is a great guy and pretty brilliant; he's slightly-wrong in this case, as Linux binaries can't call Windows system functions (no Win32 API). The attack surface does include accessing the Windows file system, but not triggering Windows programs.

He's not the kind of raging psycho typified by RMS or Theo de Raadt, at least.

Re:Shill

Fuck off, troll. There are plenty of sane people who don't really have a problem with Microsoft, especially when you consider the alternatives. You either bend over and get raped by Apple or you defile yourself with the boxcar hobo Linux crowd. Neither are very appealing to sane, intelligent computer users.

Re:Shill

...and if you don't have at least one major, legitimate beef against any application or vendor then you are naïve, a newb, or you lack critical thinking skills.

This is the problem with the Microsoft hate. The haters single out MS for special attention. There's no software ecosystem on the planet that doesn't have lots of problems. This makes the FOSS zealots both boring and wrong. Drop the zealotry, FOSS will be the better for it.

FUD

Bullship

Stick box trap

I can just picture Satya setting up a penguin underneath a stick-box trap (using a windows 10 box, of course)

20 years to close all the holes in Windows

And now the introduce the biggest security swiss cheese of all...

I don't know if Linux vulnerability patches are obtained from Windows Update or through another Linux-centric mechanism.

Re:20 years to close all the holes in Windows

[BarbaraHudson]

Since there's no linux in "linux on Windows", does it really matter?

Re: 20 years to close all the holes in Windows

[The-Ixian]

Apt-get upgrade works just fine in my windows 10 bash.

Why doesn't anybody get their facts straight?

[rew]

After googling around a bit. stories about running a bash shell on windows pop up.

It isn't "running Linux" on windows. That would imply that there is a Linux kernel running that actually manages hardware. This impression of "running on hardware" is enhanced by the slashdot summary.

None of this. Windows is simply providing those Linux system calls that allows commandline apps to run. A story then mentioned that servers would not run. That's odd: When "bash" runs and say applications like ping, ssh and telnet, you'd have to go to great lengths to prevent another app like "apache" from running.

But if what I hear is true, this is only useful for the most basic of things, no graphical capabilities. I might be an old fart that uses the commandline a lot, but that becomes useful in combination with a bunch of graphical tools that display what I need to know on a graphical screen.

As to security: the implied trick of running a linux kernel that also has access to the windows block devices is very prone to bugs and security issues. But all that is not the case: It's just another program running in an operating system, using a slightly different set of API calls. If the emulated Linux system calls end up calling windows-internal stuff AFTER the "permissions checking" that normal windows calls would do then you have a problem. It tells a lot about how badly windows is layered.

Re:Why doesn't anybody get their facts straight?

[garethjrowlands]

Here's how server applications aren't supported: they use system calls or variants of system calls that aren't implemented. Microsoft have made sure that bash, git and nodejs all work fine. But they haven't implemented all the APIs that, for example, Oracle or Docker use. I found I could run xterm no problem but not Haskell's ghc or stack. They will probably add more features over time but it's hard to say how far they'll get or when. The project originated in the Astoria Android emulator, so the APIs that a typical Android app uses are likely to best supported.

Re:Why doesn't anybody get their facts straight?

[will_die]

GUI is not supported. However you can run an x-window emulator on windows then in the ubuntu sub-system redirect the display to localmachine, meaning windows, and that will work.

Re:Why doesn't anybody get their facts straight?

[omnichad]

But if what I hear is true, this is only useful for the most basic of things, no graphical capabilities

I know someone else has already said it differently, but X is a networked display protocol, so I assume any X server for Windows could work.

Re:Why doesn't anybody get their facts straight?

[perryizgr8]

>no graphical capabilities

Graphic apps run. Someone even managed to get the Ubuntu Unity DWM to run.

MS as usual

[ruir]

This seems just a move to denigrate and undervalue the Windows brand. Nothing new to see, MS has been doing that for decades, keep walking.

Re:MS as usual

[ruir]

errm..."This seems just a move to denigrate and undervalue the Linux brand. Nothing new to see, MS has been doing that for decades, keep walking."

Re:MS as usual

It's indeed hard not to think of it that way, knowing MS... "Throw in something badly implementing parts of GNU/Linux, then let it rot"... It's easy to see a lot of people generalizing this failure to GNU/Linux itself, even though there is almost zero link to it...

Re:MS as usual

[Dog-Cow]

It's indeed hard not to think

Indeed. But you manage it anyway.

That's OK

[geekprime]

That's Ok I have my windows 10 running in a sandboxed virtual machine under debian.

Re:That's OK

[Blaskowicz]

But, can it be run in a sandwiched virtual machine with mayonnaise?

Re: Trust MS to take a good idea and fuck up

Ie. The way wine does it.

Solving issue of LINUX

[KernelSphere]

There are numbers ways to clear these problem..If any one need to check out the problem issued please go through the below link provided. @ http://www.kernelsphere.com/li...

get rid of windows, keep linux

[FudRucker]

problem solved

Finally ! Viruses on Linux !!!

This is great news. Finally virus and malware writers will get access to Linux is such a way they can get their wares to run. Lack of viruses and malware has been one of the great stumbling blocks to providing a true like for like "Windows Experience" on Linux.

Can this be the tipping point that finally makes it the year of the Linux desktop ?

This is really stupid

If you find a vulnerability in the Windows API, it means you can attack the Windows machine anyway, regardless of the method, with or without the Ubuntu add-on. It doesn't matter that you have several more applications some call Linux and maybe use them as carrier for the attack. If they aren't there, the atacker can easily use other apps to exploit the said vulnerability.

Who is this Ionescu "security expert", and what is he on?

Re:Trust MS to take a good idea and fuck up

[Dog-Cow]

The same approach they engineered around 20 years ago, with NT version 3.5, if not earlier? Darn them. Darn them to heck!

Wine under Linux under Windows...

What will they think of next?

Both Linux and Windows accessing hardware directly

[SpaghettiPattern]

Both Linux and Windows accessing hardware directly so that Linux performs well.

What's the logical next step?

So Linux apps can make win32 calls?

[Junta]

That should make porting WINE easy!

Seriously speaking, it seems the short of it is that WSL should be disabled if AppLocker is desired. I suspect that wouldn't upset too many folks, as I imagine the intersection of audience that uses AppLocker and the audience that would use WSL is non-existent. AppLocker is a pretty extreme lockdown to inflict on your users, and I can't imagine those admins wanting to use Linux applications.

WSL can be disabled, so I don't think this is as large a deal as the article wants it to be. In fact I assume the default is disabled.

This is not "Linux on Windows"

[Eravnrekaree]

Linux is a kernel. The Linux kernel is not used in this emulation layer, instead it emulates Linux system calls on the Windows kernel. So, there is very little if any Linux in this scheme. Its not Linux.

I don't think this is a wise use of Canonical's resources, a better use would have been greatly enhancing and accelerating Wine development with a goal of getting it to 99% app compatability within 2 years and as well funding a project to provide a driver compatability layer to allow Windows drivers to run on Linux. This would make it easier for people to make a complete move to Linux and to bring their apps and hardware with them, rather than creating a reason for people to stay on Windows.

Embrace. Extend. Extiguish.

And Microsoft does it again!

When will we ever learn.

History makes fools of us all

Until something happens, like SteamOS getting a large number of followers and dropping Windows support, requiring the use of the WSL to run Steam. Or people wanting to run server software for free but not wanting to do a separate Linux install. Etc.

Something may yet happen. Do not take the future lightly young padawan...

If you have nothing to hide...

Come on Windows, if you have nothing to hide (visible by Linux), you have nothing to worry about right?

Why why why?

[JustAnotherOldGuy]

Okay, I can see running Windows under Linux, but why run Linux under Windows? It seems like that's the worst of both worlds.

_+ FBI TIES LINUX STORY TO SOMEHOW WINDOWS +_

No mother fuckers. No.

Never use anything Windows near Linux unless it is a for sure locked down Windows (you have to be very pro) and you are running VM's of Linux. On a bare metal Linux forget you ever heard of Windows.

Microsoft ANNIVERSARY anniversary ANNIVERSARY heyy ANNIVERSARY 10

Fuck you FBI. Dead spies.

The only reason to upgrade from Win7

[John+Allsup]

I only bothered upgrading my HP workstations to Windows 10 (for free) is so that I can install windows 10 on a hard drive and run Ubuntu GNU/Windows.

Re: Mein Gott im Himmel!

[macs4all]

They have a hypervisor. It is called Hyper-V if you care and supported Ubuntu for awhile now.

Yep, and it has since it was called VirtualPC before they bought it from Connectix.

The question is, why, oh, why didn't they just USE VPC/Hyper-V to do this, rather than create some creaky, leaky SHIM?

Nobody sould listen to this guy

Alex is the guy that got Wime and ReactOS in trouble a few years back by disassembling WinXP code and copy/pasting it in those projects. We're still paying for his bullshit. Don't give this fraud any credence.

"...benefits of performance" - not so much

I was playing with "Ubuntu for Windows" on Windows 10 last week. While it is an interesting effort (and I was able to upgrade from the default Ubuntu 14.04 (Trusty Tahr) userland to the 16.04 (Xenial Xerus) userland with minimal dificulty), performance does not match that of a Lubuntu 16.04 VM on the same hardware running in VMWare Player. I was running repeated Monte Carlo-type simulations, and the same scripts and executables took twice as long to run under Ubuntu for Windows vs. the VM.

So, while interesting, it is still beta (and is labeled as such, and requires "developer mode" to be enabled in Windows 10), and it's not quite ready for prime time yet.

Re:"...benefits of performance" - not so much

[cnettel]

I was playing with "Ubuntu for Windows" on Windows 10 last week. While it is an interesting effort (and I was able to upgrade from the default Ubuntu 14.04 (Trusty Tahr) userland to the 16.04 (Xenial Xerus) userland with minimal dificulty), performance does not match that of a Lubuntu 16.04 VM on the same hardware running in VMWare Player. I was running repeated Monte Carlo-type simulations, and the same scripts and executables took twice as long to run under Ubuntu for Windows vs. the VM.

So, while interesting, it is still beta (and is labeled as such, and requires "developer mode" to be enabled in Windows 10), and it's not quite ready for prime time yet.

If you're getting that kind of performance difference, it sounds like you're really bound by I/O or (faulty?) thread synchronization. But, yeah, I would never use WSL for performance. For easy transparent prototyping, it's great and I've basically stopped using cygwin.

Not the whole POSIX.

[DrYak]

So is it essentially a new POSIX interface?

No it's not the whole POSIX interface (that used to exist and be called something along the lines like "Unix Services for Windows", but got in practice over taken in popularity by Cygwin - a translation layer between POSIX source code and regular Win32 interface).

WSL implements only a very small subset of Linux kernel's API calls.
Just barely enough to get some Ubuntu user space running, so you can still use Windows to write and test your code before deploying to some Linux cloud.
(instead of using Mac OS X or a real Linux desktop or a VM like everybody else.

There currently nearly no filesystem support (except for the special drivers that Microsoft has written to support passing Windows's local drivers under Linux).
There is very limited network support (you can run apache and even SSH. But forget about NFS)
There's no media at all (no X. no audio. no USBHID/libinput. nowayland/DRM/Mesa hardware/Whatever. no nothing. Its main purpose is to test linux code before deploying to the cluster, so don't expect anything fancy).
No even fabric dummy drivers (that's a bit limiting for the intended purpose...)
Nothing from the Linux kernel internals (no scheduler, etc.)

So maybe with some extensive hacking you could write a zombie node that can take part in some mass spamming or DDOS.
(Basically, anything that you could implement as a not so fancy network daemon under any other OS).
But that's about it. Don't except to circumvent some Windows protection by calling into WSL, it has no access to anything low-level.
(e.g.: Forget about trying to reflash the firmware using some linux sysadmins tools under WSL, or making some advanced stealth keylogger)

Very limited: NO HW access

[DrYak]

It doesn't have hardware access.

It only understands a very limited subset of all the API calls offered by the Linux kernel.
Just barely enough so you install ubuntu and test some linux code before deploying on a Linux powered cloud.

Some limited network is as best as you could get. Nothing much fancy beyond that.
You could run Apache or SSH but don't set your hopes to high (not even NFS).
Completely forget any hope about keyloggers, reflashing firmware using linux sysadmin tools, etc.

Different scope

[DrYak]

There are a few differences.

Cygwin is a userspace library that translates nearly whole POSIX API to win32 API calls.
WSL is simply Windows' own kernel offering directly a new API, in addition to Win32/Win64/etc. much like Microsoft's older Unix subsystem for Windows.

The size is also different.
Cygwin features nearly the whole POSIX.

WSL is just about the strict minimum subset of Linux API calls so you can run a few Ubuntu elfs unmodified.
It's just so you can test some code locally before deploying it on a Linux cloud.

You'll get the ability to load ELFs, and some very limited network and filesystem access. And that's it. Nothing fancy.

Re:Different scope

[gweihir]

Indeed. I may point out that I did not say it was the same. It is not.

winbuntu

here after known as winbuntu

Don't install shit you are not using

[iamacat]

If you just need a Web apps, go with a Chromebook. Nothing is perfect, but there is just not much running to hack. If you just want Office, stay away from Ubuntu userland. It's another thing to maintain and update, and yes an additional exploit vector. In the meantime I am psyched that I can run various home servers on my gaming box rather than having to tinker with a separate old laptop stashed on some shelf.

Re:Don't install shit you are not using

Google Chromebook. Google US Spy Agency. Eric Schmidt works @ Pentagon. Full global surveillance network.

gstatic
google-analytics
googletagservices

etc

Yeah, nice thinking champ. If I even explain here what the smart thing is, that will be their next attack vector. Slashdot is FBI.

Re:Don't install shit you are not using

[iamacat]

If surveillance by NSA is your biggest threat vector, I would still recommend a Chromebook over Windows 10. If it's casual crooks, the comparison is not even close.

Nit-picking

[DrYak]

...I was just nitpicking about small minutes details.

having Linux user-space components running on top of a translation layer is not new either. Cygwin has been doing it for ages.

Ubuntu on Windows doesn't run atop a translation layer. There's no "in between" layer, it's the NT kernel that exports a few extra API calls. It's first class citizens just like Win32 or the old Unix interface, not a translation layer like Cygwin, Mingw.

And Cygwin has been offering way much more for ages (complete POSIX).
WSL is more comparable to Mingw (which is the bare strict minimum subset of POSIX to get basic software to compile in Windows - just like WSL is a bare strict minimum of Linux API calls to get basic ELFs to run in Windows)

Re:Nit-picking

[gweihir]

You don't think they have implemented that as a translation layer in the NT kernel? Well, it is MS with their massively bloated kernel API, so maybe they did do it natively and since it is closed-source, we may never know.

Re: Mein Gott im Himmel!

[Billly+Gates]

They can do it if you have the professional edition of Windows 8/10.

I use it because it is cheaper than VMWare workstation and it is a real type 1 hypervisor like VMWare ESX. Not a crappy one like VirtualPC (different product), Virtualobx, or VMware workstation.

That is one thing I wish Linux had as a host. ESX is not cheap nor free for real type1 with no obscure drivers as the guests can use the host hardware natively.

Overly complicated manchine

[DrYak]

You don't think they have implemented that as a translation layer in the NT kernel?

Not according to their docs and blog posts.

NT kernel is horribly complicated beasts.
It can exports its internal as different sets of API.

The idea back then was:

- to allow multiple sets of API
Back then the idea was to support win32 *and* OS/2 both at the same time (this one is defunct nowadays). Then UNIX came. And now WSL)

- so they can freely hack the internals without being held back by an API model
That's the situation with WSL. Because proc forking sucks under Windows, whereas it comes more or less for free under Linux, Microsoft has come with a new feature they call Pico thread, which is even lighter than linux at multiple-process (but is worse at isolating/compartimentalizinge - no big deal for a feature which targets developpers, not end-users). These Pico threads aren't exposer in the current Win64 and Win32 apis. But these pico threads are what is exposed to make processes in WSL.

So the route is not Linux -> translated into Win32, but directly Linux -> NT kernel, skip the intermediate translation layer.

Cygwin on the other hand is entirely implemented as a user-space component. It runs to user space, and translate POSIX calls to Win32 calls.
(And you could run Cygwin on top of any Win32 provider. Like order versions of Windows, or like Wine - like done for testing).
(Whereas for WSL you need a very specific version of the Windows 10 kernel that actually feature that extra Linux-like minimal API that isn't available anywhere else).

  Well, it is MS with their massively bloated kernel API, so maybe they did do it natively and since it is closed-source, we may never know.

What is in name?

I personally loath that we all call every *nix distribution Linux. To me it's akin to calling all Windows releases (WinNT). Not that I have a better suggestion for hoe to refer to these systems. I have to constantly remind my friend that his problems are Ubuntu and/or Unity related and how the problem of the software he's running isnt unique to "Linux" nor is it "Linux's" fault or responsibility for these issues. When he says "I like Linux but..." accompanied with something like "...what are these black borders after I suspend my machine?" or "... The software center doesn't have X and I need to add a PPA? What's a PPA?" I remind him that it's not the Kernels fault you are seeing black borders around all Windowed apps or don't have "X" in the Ubuntu software center. Nor is it the Kernels fault when your latest proprietary NVIDIA drivers don't work with your Window Manager and you need to manually install an earlier BLOB. We all keep calling it "the Linux desktop" but isn't it more apt to say "the unity desktop"? I just get tired of how we all group all Linux kernel based computing experiences and software collections as "Linux". Two users will experience an entirely and monolithicly different, unique, and either good or poor (mostly subjective) experience when one uses Ubuntu,Unity,LightDM and the other uses Gentoo,MATE,Marco,SDDM or any other permutation that comprises "the Linux desktop."

Re: What is in name?

I didn't mean to call all Linux collections as "the Unity desktop" I meant it as example. Call it "my MATE desktop" or "my KDE desktop" not just "my Linux kernel based desktop"

Re: What is in name?

I also understand the term "Linux" has evolved to mean more than just the kernel I just wish we had a better term that more aptly suits our systems based on said kernel. I'm not happy with Linux or GNU/Linux nor am I completely happy with "Ubuntu Machine" or "Arch Box". Damn you language. Why can't we just communicate in thoughts and not words.