Play all

Intro

Making C Less Dangerous in the Linux kernel

Kernel Self Protection Project

C as a fancy assembler: almost machine code

C as a fancy assembler: undefined behavior

Variable Length Arrays and alloca () are bad

Variable Length Arrays are slow

Variable Length Arrays: stop it

Switch case fall-through: new "statement"

Always-initialized local variables: just do it

Always-initialized local variables: switch gotcha

Arithmetic overflow detection: gcc?

Arithmetic overflow detection: Clang :

Bounds checking: explicit checking is slow

Instead of sprintf(): scnprintf()

Instead of memcpy: uhhh ... be ... careful?

Bounds checking: memory tagging :

Control Flow Integrity: indirect calls

CFI, forward edges: just call pointers

CFI, forward edges: enforce prototype :

CFI, backward edges: two stacks

CFI, backward edges: shadow call stack

CFI, backward edges: hardware support

Where is the Linux kernel now?

Challenges in Kernel Security Development

Description:

Explore strategies for enhancing C language safety in Linux kernel development during this 45-minute conference talk from linux.conf.au. Delve into techniques for mitigating undefined behaviors, removing Variable Length Arrays, enforcing stack variable initialization, implementing implicit bounds checking, handling arithmetic overflows, and protecting function calls with Control Flow Integrity. Learn how the Linux kernel is adapting C standards and reorganizing code to reduce security vulnerabilities and strengthen infrastructure. Gain insights into the Kernel Self Protection Project and understand the challenges faced in kernel security development.

Making C Less Dangerous in the Linux Kernel

linux.conf.au

Add to list

#Conference Talks #linux.conf.au #Programming #Programming Languages #C Programming #Information Security (InfoSec) #Cybersecurity #Security Vulnerabilities #Computer Science #Information Technology #Linux #Linux Kernel Development #Control-Flow Integrity