Famed Architect’s Lawsuit Against Google Just Got Much More Serious

Eli Attia alleges he wasn’t the only one mistreated by the search giant.

A long-running lawsuit filed against Google by a prominent architect has just gotten much broader.

Last week, the Superior Court of California granted a motion adding racketeering charges to the civil case being pursued against Google by Eli Attia, an expert in high-rise construction. Attia claims Google stole his idea for an innovative building design method – and now he wants to prove that it does the same thing frequently.

Attia’s suit was originally filed in 2014, four years after he began discussions with Google (prior to its reorganization as Alphabet) about developing software based on a set of concepts he called Engineered Architecture. Attia has said Engineered Architecture, broadly described as a modular approach to building, would revolutionize the design and construction of large buildings. Attia developed the concepts based on insights gleaned from his high-profile architecture career, and has called them his life’s work.

Google executives including Google X cofounder Astro Teller came to share his enthusiasm, and championed developing software based on Engineered Architecture as one of the company’s “moonshots.” But Attia claims the company later used his ideas without fulfilling an agreement to pay to license them.


Attia’s suit names not just Google, but individual executives including founders Larry Page and Sergey Brin. It also names Flux Factory, the unit Attia’s suit alleges was spun off specifically to capitalize on his ideas.

Speaking to the San Jose Mercury News, Attia’s lawyer claims Google told Attia his project had been cancelled, “when in fact they were going full blast on it.” Flux Factory is now known as Flux, and touts itself as “the first company launched by Google X.”

Attia’s suit will now also seek to prove that his case is representative of a much broader pattern of behavior by Alphabet. According to court documents, the motion to add racketeering charges hinged on six similar incidents. Those incidents aren’t specified in the latest court proceedings, but Alphabet has faced a similar trade-secrets battle this summer over X’s Project Loon, which has already led to Loon being stripped of some patents.

The idea of racketeering charges entering the picture will surprise many who associate them with violent organized criminals. But under RICO statutes, civil racketeering suits can be brought by private litigants against organizations and individuals alleged to have engaged in ongoing misdeeds. The broader use of racketeering charges has slowly gained ground since the introduction of RICO laws in the 1960s, with some famous instances including suits against Major League Baseball and even the Los Angeles Police Department.


Serious Linux kernel security bug fixed


Sometimes old fixed bugs come back to bite us. That’s the case with CVE-2017-1000253, a Local Privilege Escalation Linux kernel bug.

This is a problem with how the Linux kernel loaded Executable and Linkable Format (ELF) executables. If an ELF application was built as a Position Independent Executable (PIE), the loader could allow part of that application’s data segment to map over the memory area reserved for its stack. This could cause memory corruption. An otherwise unprivileged local user with access to a Set owner User ID (SUID) or otherwise privileged flawed PIE binary could then gain higher-level user privileges.


Qualys, a security company, worked out a way to exploit this hole. By smashing the PIE’s .dynamic section with a stack-based string operation, they found they could force the ld.so dynamic linker to load and execute their own shared library.

This security hole may sound complicated, but it’s relatively easy to exploit. Since it could give an ordinary user super-user privileges, it’s potentially very dangerous.

This bug, and its fix, are actually old. It was first uncovered in 2015 by Michael Davidson, a Google software engineer. It was fixed in the 4.0 Linux kernel. To be exact, Davidson repaired the kernel bug with a patch committed on April 14, 2015.

What neither Davidson, nor anyone, realized at the time was that what appeared to be a minor bug could be exploited.

Since the bug was patched over two years ago, you might be wondering, “Why does this matter?”

The problem is that the bug lived on in long-term support (LTS) versions of Linux, which are often used in server Linux distributions. In particular, Qualys found that “All versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable.” The bug is also present in Debian-based Linux distributions.

If you’re running an up-to-date Linux desktop, you have nothing to worry about. These use modern kernels rather than LTS kernels.

The bug has a Common Vulnerability Scoring System, version 3 (CVSSv3) severity score of 7.8, so system admins should patch it as soon as possible. Since the major Linux distributors were aware of the security hole before it was announced, all a system administrator needs to do is use their usual package management program to patch the kernel or install a patched kernel, and reboot.
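While the kernel update is being scheduled, it helps to know which privileged PIE binaries a host actually carries, since those are the programs the article says the bug affects. The following inventory script is an added example, not code from the article or from Qualys. It assumes that a PIE executable can be recognised as an ELF file of type ET_DYN with a PT_INTERP program header, and it checks only the setuid and setgid bits, not file capabilities; the function names and scanned directories are illustrative.

```python
import os
import stat
import struct

ET_DYN = 3      # e_type shared by PIE executables and shared objects
PT_INTERP = 3   # program header naming the dynamic linker (ld.so)

def is_pie_executable(data: bytes) -> bool:
    """True if data begins with an ET_DYN ELF image that has a PT_INTERP header."""
    if len(data) < 0x34 or data[:4] != b"\x7fELF":
        return False
    is64 = data[4] == 2                   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    if is64 and len(data) < 0x40:
        return False
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if e_type != ET_DYN:                  # ET_EXEC (2) is a fixed-address binary
        return False
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):           # header table runs past what we read
            break
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return True                   # shared libraries normally lack PT_INTERP
    return False

def find_privileged_pie(root: str) -> list:
    """Return sorted paths under root that are setuid/setgid PIE executables."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                with open(path, "rb") as fh:
                    if is_pie_executable(fh.read(65536)):
                        hits.append(path)
            except OSError:               # unreadable or vanished file: skip it
                continue
    return sorted(hits)

if __name__ == "__main__":
    for directory in ("/usr/bin", "/usr/sbin", "/bin", "/sbin"):
        print("\n".join(find_privileged_pie(directory)))
```

An empty result does not make an unpatched kernel safe to leave in place; the list only helps prioritise hosts and review which setuid programs are really needed.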
