The ISRG wants to make the Linux kernel memory-safe with Rust | #linux | #linuxsecurity


Enlarge / No, not that kind of Rust.

The Internet Security Research Group—parent organization of the better-known Let’s Encrypt project—has provided prominent developer Miguel Ojeda with a one-year contract to work on Rust in Linux and other security efforts on a full-time basis.

What’s a Rust for Linux?

As we covered in March, Rust is a low-level programming language offering most of the flexibility and performance of C—the language used for kernels in Unix and Unix-like operating systems since the 1970s—in a safer way.

Efforts to make Rust a viable language for Linux kernel development began at the 2020 Linux Plumbers conference, with acceptance for the idea coming from Linus Torvalds himself. Torvalds specifically requested Rust compiler availability in the default kernel build environment, to support such efforts—not to replace the entire source code of the Linux kernel with Rust-developed equivalents, but to make it possible for new development to work properly.

Using Rust for new code in the kernel—which might mean new hardware drivers or even replacement of GNU Coreutils—potentially decreases the number of bugs lurking in the kernel. Rust simply won’t allow a developer to leak memory or create the potential for buffer overflows—significant sources of performance and security issues in complex C-language code.

Google, the ISRG, and Ojeda

The new contract from the Internet Security Research Group (ISRG) gives Ojeda a full-time paycheck to continue memory safety work he was already doing on a part-time basis. ISRG Executive Director Josh Aas notes that the group has worked closely with Google engineer Dan Lorenc and that financial support from Google itself is critical to sponsoring Ojeda’s ongoing work.

“Large efforts to eliminate entire classes of security issues are the best investments at scale,” Lorenc said, adding that Google is “thrilled to [help] the ISRG support Miguel Ojeda’s work dedicated to improving the memory safety of the kernel for everyone.”

Prossimo and memory safety

Ojeda’s work is the first project to be sponsored under the ISRG’s Prossimo banner, but it’s not the first step the organization has taken for greater memory safety. Previous initiatives include a memory-safe TLS module for the Apache web server, a memory-safe version of the curl data transfer utility, and rustls—a memory-safe alternative to the ubiquitous OpenSSL network encryption library.

The Prossimo initiatives can be found at memorysafety.org, along with donation links—the ISRG and its Prossimo projects are 100 percent supported by charitable donations, from both individuals and community-minded companies. If you’d like to get involved, the ISRG accepts direct currency donations via PayPal or Donorbox, various cryptocurrencies, and even securities or shares in mutual funds.



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

eighty seven − = 81