There was a talk on security in Zephyr and Fuchsia. While the focus of the
conference is Linux, there’s a growing interest in running Linux in conjunction
with processors running other operating systems. Zephyr
is an open source RTOS targeted at processors with a smaller footprint than
Linux. Most of the security improvements have been adding features to take
advantage of the MMU/MPU. One of those features was userspace support, which
is always a bit of a surprise to hear as a new feature. Fuchsia is Google’s
new microkernel operating system. There’s some argument
that microkernels offer more security than Linux since more parts can
run in userspace. Much of the talk was about the resource and namespace
model. There’s been a good deal of work put into this but it was noted
much of this is still likely to be reworked.
Kees Cook talked about how to make C less dangerous. I’ve seen bits
and pieces of this talk before and LWN did a great writeup
so I won’t rehash it all. This did spawn a thread
about how exactly VLAs are or aren’t security issues.
Someone from Microsoft talked about Azure Sphere. Azure Sphere is
Microsoft’s attempt at an IoT based microprocessor that runs
Linux. The real challenge is that the device has 4MB. The talk
focused on what kinds of optimizations they had to do to get it
to run in that space. There’s been similar attempts before but
4MB is still incredibly impressive. I’ll be keeping an eye
out when the patches go upstream (and maybe buy a device).
Two people from the Android security team at Google gave a talk
about the state of things there. Much of the talk was numbers
was numbers and statistics. Standard recommendations
such as “reduce your attack surface” and “use SELinux” are very
effective at reducing the severity of bugs. Bounds checks were
a very common root cause. It turns out, copy_*_user APIs are
easy to get wrong. Features such as
are very effective here (there was an all too familiar story
about “well if I turn on hardened usercopy my tests don’t pass”).
The Android security team does great work and it’s good to
see the data.
Alexander Popov gave a talk on his experience in upstreaming
the stackleak plugin. This is a gcc plugin that’s designed to
clear the stack after every system call to reduce the chance
of information leak. The talk covered the history of development
from separating the plugin from grsecurity to its current form.
Like many stories of contributing, this one was not easy. It
took many iterations and has been dismissed by Linus. As of
this writing it still hasn’t been pulled in and I hope it gets
taken in soon.
Greg KH ~~generated headlines~~ talked about Spectre and Meltdown
response in the kernel. The most interesting part of the talk
was outlining the time frame of when various parts got fixed.
Also important was the discussion of stable kernels and pointing
out that backporting is a huge pain.
Sasha Levin and Julia Lawall talked about using machine learning
on stable trees. The current system for getting fixes into stable
trees relies on a combination of maintainers and developers
realizing a fix should go in. This leads to many fixes that could
be useful not actually making it in. The new idea is to use
machine learning to figure out what patches might be appropriate
for stable. Like all machine learning work, it’s not perfect
but it’s found a number of patches. Sasha has also done a lot
of analysis on the stable trees and buggy patches (it turns
out patches that come later in the -rc cycle are more likely
to be buggy) so this work is overall beneficial to the kernel.
I for one welcome our new bot maintainers.
Julia Cartwright talked about the state of the RT patches.
These patches have been out of tree for a very long time and
have been slowly getting merged. The good news is there may
be a light at the end of the tunnel thanks to a renewed
effort. The current patch set is a manageable size and the
current work can be explained in a few slides. She also
mentioned the RT group can always use more people to get
involved for anyone who is interested in fun projects.
Casey Schaufler discussed the trade offs in kernel hardening.
Security is often a trade off for some other aspect of system
performance (speed, memory). Security is also harder to
quantify vs. “it goes 20% faster”. Casey talked about some
examples similar to Kees of APIs that need to be corrected
and problems with getting things merged. Ultimately, we
are going to have to figure out how to make security work.
Amye Scarvada gave a talk about “rebooting a project”
but it was really a short workshop on a method of how
to do planning. The target audience was community managers
but I found it really useful for any project. She talked
about things like short and near term goals and determining
external vs internal and technical vs non techcnical problems.
Really helpful for framing problems.
Jim Perrin talked about making a move from engineering
to management. I’ve seen various people talk about this
before and the most important point to remember is that
management is not a “promotion”, it is a different track
and set of skills than engineering. You need to learn and
develop those skills. He gave some good examples of what
he had to figure out and learn. He emphasized that you
should not go into management unless you really want to.
Once again, really good advice.
There was a panel discussion about writing for your career.
All the the panelists work in open source and writing in some
fashion and encouraged everyone to write. Much of the discussion
was about how to work with professional editors and common
pitfalls people make when writing. Having a clear point to
your writing is important and makes writing easier (something I’ve certainly
found when trying to blog). You also don’t write a book to get rich. I
appreciated the insight from all the panelists and have some more ideas
for my own writing.
A big thank you to the organizers for giving
me a chance to look at actual penguins