Safety in Kernel Development

Kenneth Adam Miller kennethadammiller at gmail.com
Tue Aug 18 20:30:45 EDT 2015


My interest is clearly on approaches that can be taken to do hardened
kernel module development.

Excuse me, I didn't say I was interested in editing the Linux kernel, and
for that matter, as I understand it, the kernel newbies mailing list is general
across the entirety of kernel programming, whether editing it directly or
writing driver modules. If you read what I wrote closely, I'm not at all
interested in changing anybody else's code or in changing the development
habits of other people or organizations. What I am interested in is
ensuring that the code *I* write is as safe as possible.

I don't think it's at all applicable to restrict the conversation to a
specific language. I see kernel programming as being very strongly
pragmatist in nature. I don't care what you call it; it has to work, and
for our requirements it has to be safe as well. I'm not alone in wanting
stronger security. Since I don't see any one person given authority to
dictate what can or can't be discussed here, I'm just going to go about my
business hardening my code and finding others from whom I can learn and
with whom I can share.

To me a language is a tool, not an idol. But if you read further into the
chain, you can also see I brought in the possibility of a passive Control
Flow Integrity approach woven in by the compiler, or alternatively a safer
compiler that wouldn't even need to be trusted to emit code that does not
segfault or leak memory.

| "this is not a rational approach"

I'm very strongly confident that the approach of achieving stronger guarantees
at the language level is both very rational and pragmatic, and I have the
sources and information to back it up. Let me address what I think is the
root of the response here, however: kmemleak is a good idea and a useful tool,
and I plan to use it if I can get the time. So I appreciate any helpful
mention that has been given here of tools I can use; I just happened to make
a note about viability that crossed my mind for that particular tool. We
just want the strongest guarantees we can get, so I didn't intend to be
snarky.

On Tue, Aug 18, 2015 at 6:27 PM, Ruben Safir <ruben at mrbrklyn.com> wrote:

> On 08/18/2015 09:25 AM, Kenneth Adam Miller wrote:
> > Ok, so I know that C is the de facto standard for kernel development.
>
>
> That about sums it up. Did you have some question about kernel
> development? This is a mailing list on mentoring and skills
> development in writing the Linux Kernel. We know it is written mostly
> in C. YOU KNOW it is written in C. So after this, nothing else you
> wrote is relevant to THIS mailing list.
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>