Google said Thursday it’s funding a project to increase Linux security by writing parts of the operating system’s core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones.
If the project succeeds, it’ll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that’s become foundational to Google’s Android and Chrome operating systems as well as vast swaths of the internet.
Miguel Ojeda, who’s written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that’s also made it easier to secure website communications through the Let’s Encrypt effort.
Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages.
Better security for Linux is good news for everyone but hackers. In addition to the Android and Chrome OSes, Google services like YouTube and Gmail all rely on servers running Linux. It also powers Amazon and Facebook, and is a fixture in cloud computing services.
It isn’t clear if Linux kernel leaders will accommodate Rust. Linus Torvalds, the founder of Linux, has said he’s open to change if Rust for Linux champions prove its worth. Ojeda has proposed 13 changes needed to allow Rust modules in Linux to get things started.
Google already has taken some early steps to make it possible to use Rust for Linux Android. Getting buy-in at the highest levels of the Linux kernel project means many other software projects could benefit, too.
Google credits the Linux community programmers who began the Rust for Linux project. “The community had already done and continues to do great work toward adding Rust support to the Linux kernel build system,” Google said in a blog post.
Rust, which was developed by Firefox maker Mozilla and is now run by the independent Rust Foundation, makes it safer for software to write to memory. Hackers can exploit memory problems, hiding malicious extra code in out-of-bounds memory areas. Rust checks for those and other problems when programmers are building their software. And it’s been the most loved programming language for five years running in Stack Overflow’s annual developer survey.
“Rust represents the best alternative to C and C++ currently available,” Microsoft’s security team concluded in 2019. The team said Rust would have prevented memory problems at fault in 70% of its significant security issues. And because Rust’s checks happen while software is being built, the safety doesn’t come at the expense of performance when the software is running.
The goal of the Linux on Rust project isn’t to replace all of Linux’s C code but rather to improve selective and new parts.
“For the foreseeable future we plan to focus on certain security critical components and drivers,” said Josh Aas, who runs ISRG’s Prossimo project to move critical Internet software to memory safe software. Drivers are operating systems modules that control specific devices like printers, network adapters and graphics chips.
Google isn’t placing its only bets on Linux and Rust. It’s got its own memory-safe language, Go, and a new operating system called Fuchsia it’s begun using in its Nest Hub smart screen.
“Google has a variety of other investments in languages, tools, and platforms,” a company spokesman said. “Having multiple solutions to related but not necessarily overlapping problems allows for a cross pollination of good ideas to be reused.”