Making C Less Dangerous in the Linux kernel
Kees Cook
https://2019.linux.conf.au/schedule/presentation/178/
With the Linux kernel written in C, it comes with some worrisome baggage, "undefined" behaviors, and other weaknesses that lead to security flaws and vulnerable infrastructure. Some of these weaknesses related to the design of chipsets and how close C is to machine code, but others are less specific.
This presentation will explore the areas where the kernel is changing the C standard, defining undefined behaviors, or otherwise reorganizing things to make C itself less of a hazard.
Specifically this will cover removing (and enforcing the lack of) Variable Length Arrays in kernel code, forcing all stack variables to be initialized with a GCC plugin, performing implicit bounds checking with overloaded builtins, handling arithmetic overflows safely, and protecting forward (call) and reverse (return) indirect function calls with CFI under Clang.
linux.conf.au is a conference about the Linux operating system, and all aspects of the thriving ecosystem of Free and Open Source Software that has grown up around it. Run since 1999, in a different Australian or New Zealand city each year, by a team of local volunteers, LCA invites more than 500 people to learn from the people who shape the future of Open Source. For more information on the conference see https://linux.conf.au/
#linux.conf.au #linux #foss #opensource
Видео Making C Less Dangerous in the Linux kernel канала linux.conf.au
https://2019.linux.conf.au/schedule/presentation/178/
With the Linux kernel written in C, it comes with some worrisome baggage, "undefined" behaviors, and other weaknesses that lead to security flaws and vulnerable infrastructure. Some of these weaknesses related to the design of chipsets and how close C is to machine code, but others are less specific.
This presentation will explore the areas where the kernel is changing the C standard, defining undefined behaviors, or otherwise reorganizing things to make C itself less of a hazard.
Specifically this will cover removing (and enforcing the lack of) Variable Length Arrays in kernel code, forcing all stack variables to be initialized with a GCC plugin, performing implicit bounds checking with overloaded builtins, handling arithmetic overflows safely, and protecting forward (call) and reverse (return) indirect function calls with CFI under Clang.
linux.conf.au is a conference about the Linux operating system, and all aspects of the thriving ecosystem of Free and Open Source Software that has grown up around it. Run since 1999, in a different Australian or New Zealand city each year, by a team of local volunteers, LCA invites more than 500 people to learn from the people who shape the future of Open Source. For more information on the conference see https://linux.conf.au/
#linux.conf.au #linux #foss #opensource
Видео Making C Less Dangerous in the Linux kernel канала linux.conf.au
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![Does making the kernel harder make making the kernel harder?](https://i.ytimg.com/vi/Gtjy7pWjW9M/default.jpg)
![DebConf 14: QA with Linus Torvalds](https://i.ytimg.com/vi/5PmHRSeA2c8/default.jpg)
![Writing Viruses for Fun, not Profit](https://i.ytimg.com/vi/2Ra1CCG8Guo/default.jpg)
![Tutorial: Building the Simplest Possible Linux System - Rob Landley, se-instruments.com](https://i.ytimg.com/vi/Sk9TatW9ino/default.jpg)
!["What UNIX Cost Us" - Benno Rice (LCA 2020)](https://i.ytimg.com/vi/9-IWMbJXoLM/default.jpg)
!["Zero Trust SSH" - Jeremy Stott (LCA 2020)](https://i.ytimg.com/vi/lYzklWPTbsQ/default.jpg)
![Booting faster](https://i.ytimg.com/vi/fTLsS_QZ8us/default.jpg)
![FreeBSD, The Other Unix-Like Operating System and Why You Should Get Involved!](https://i.ytimg.com/vi/w6oGeTm95no/default.jpg)
![](https://i.ytimg.com/vi/HzmL7ed80Hg/default.jpg)
!["New" Features in C - Dan Saks](https://i.ytimg.com/vi/ieERUEhs910/default.jpg)
![Linux Tip | 10 Useful Linux Commands](https://i.ytimg.com/vi/vAdR-M9H_1w/default.jpg)
!["picolibc: a C library for small 32-bit systems" - Keith Packard (LCA 2020)](https://i.ytimg.com/vi/SC6aBezNFFQ/default.jpg)
![The Tragedy of systemd](https://i.ytimg.com/vi/o_AIw9bGogo/default.jpg)
![See what your computer is doing with Ftrace utilities](https://i.ytimg.com/vi/68osT1soAPM/default.jpg)
![You Can't Unit Test C, Right?](https://i.ytimg.com/vi/z-uWt5wVVkU/default.jpg)
!["The New COBOL" - Benno Rice (PyCon AU 2019)](https://i.ytimg.com/vi/BCqGjGzWI48/default.jpg)
![Making C Less Dangerous - Kees Cook, Google](https://i.ytimg.com/vi/XfNt6MsLj0E/default.jpg)
![Lets LISP like it's 1959](https://i.ytimg.com/vi/hGY3uBHVVr4/default.jpg)
![But Mummy I don't want to use CUDA - Open source GPU compute](https://i.ytimg.com/vi/ZTq8wKnVUZ8/default.jpg)
![How to Disappear Completely](https://i.ytimg.com/vi/LOulCAz4S0M/default.jpg)