lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <11e58048-9cc5-4d7a-b96f-54f9a44e0133@acm.org>
Date: Sat, 22 Feb 2025 18:08:46 -0800
From: Bart Van Assche <bvanassche@....org>
To: Kent Overstreet <kent.overstreet@...ux.dev>,
 Greg KH <gregkh@...uxfoundation.org>
Cc: Boqun Feng <boqun.feng@...il.com>, "H. Peter Anvin" <hpa@...or.com>,
 Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
 Christoph Hellwig <hch@...radead.org>,
 rust-for-linux <rust-for-linux@...r.kernel.org>,
 Linus Torvalds <torvalds@...ux-foundation.org>,
 David Airlie <airlied@...il.com>, linux-kernel@...r.kernel.org,
 ksummit@...ts.linux.dev
Subject: Re: Rust kernel policy


On 2/22/25 8:04 AM, Kent Overstreet wrote:
> On Wed, Feb 19, 2025 at 06:39:10AM +0100, Greg KH wrote:
>> Rust isn't a "silver bullet" that will solve all of our problems, but it
>> sure will help in a huge number of places, so for new stuff going
>> forward, why wouldn't we want that?
> 
> I would say that Rust really is a silver bullet; it won't solve
> everything all at once but it's a huge advance down the right path, and
> there's deep theoretical reasons why it's the right approach - if we
> want to be making real advances towards writing more reliable code.

The ultimate goal is probably that we can prove that code will behave as
intended before it is run. That goal might be difficult to achieve. It
would e.g. require a formal specification of the requirements, a formal
specification of the hardware the Linux kernel is interacting with and
software that helps with generating correctness proofs.

This goal falls outside the scope of the Rust programming language.

The following issues are not addressed by the Rust programming language
(this list is probably incomplete):
* Preventing DMA controller misconfiguration. This is a potential source
   of memory corruption that falls outside the scope of the Rust type
   system.
* Preventing privilege escalation issues.
* Preventing security configuration errors.

As an example, one of the most significant security incidents,
log4shell, is a type of security vulnerability that cannot be prevented
by the selection of the programming language.

Bart.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ