Linux is becoming more secure.
Google and the Linux Foundation recently announced that Google will fund two full-time Linux security developers to focus entirely on securing the kernel.
There's always room for Linux security improvements – especially with a project that currently weighs-in at close to 29 million lines of code, meaning there's plenty of room for mistakes. Since Linux is open source, the code is also freely available for everyone to see, even bad actors looking for vulnerabilities to exploit.
Protecting against exploits is important, since Linux not only powers most data center workloads and an estimated majority of Web servers, it's running IoT devices at the edge and is the backbone of consumer devices such as Android phones and Chromebooks.
Google's Open Source Connection
This isn't the first time that Google's jumped in to fund Linux security developers for open source projects. In early February, Google donated $350,000 to the Python Software Foundation to support projects focused on improving supply-chain security. It's also a dues-paying founding member of the Open Source Security Foundation, a Linux Foundation project dedicated to improving open source software security.
According to Dan Lorenc, the engineering lead with Google's open source security team, Google's interest in improving Linux security stems from its role as a producer of open source software.
"Our team is responsible for making it easy for Google to securely consume open source software that we take in as our dependencies to power pretty much all of our infrastructure," he said. "Also, to make it easy for Google engineers to securely produce and deliver open source software in things like Chrome, Android and cloud – all over Google."
Linux's New Dedicated Security Team
The two Linux security developers that Google is funding are already seasoned Linux kernel maintainers. This is par for the course, Lorenc said, because Google's approach to starting security initiatives within existing software projects is to work with people who are already on board as active maintainers.
Of the two, Gustavo Silva, who submitted his first kernel patch in 2010 and is now an active member of the Kernel Self Protection project, has the most experience as a Linux developer. Since 2017 he has consistently been one of the five most active kernel contributors, with more than 2,000 commits. Nathan Chancellor, the other new full-time security developer, had been working on Linux part-time while attending school.
"Nathan was doing this while he was going to university, just kind of nights and on the weekends, and when we were talking to different people across Google looking for recommendations on who we could expand this program with, his name jumped out as somebody that might want to be able to do this full time with some funding," Lorenc said.
"That's how we're able to scale up this approach without dropping in a whole bunch of new people that need time to ramp up and meet and figure out how to work with the existing community."
Finding Security Holes
Silva’s Linux security work is dedicated to eliminating several classes of buffer overflows, primarily by taking advantage of warnings issued by the GCC compiler that's used to convert the human-readable code used to write Linux into the binary code used by computers.
"Gustavo's work is to trim down all the different compiler warnings that get spit out when you build the Linux kernel," Lorenc said. "There are thousands of them now, depending on how you build it, and the compilers are getting smarter and adding more warnings over time. He's just trimming down where he can, looking for the most dangerous ones and focusing on those first."
Chancellor, who has been contributing to Linux under the ClangBuiltLinux project, a collaborative effort to get the Linux kernel building with Clang and LLVM compiler tools, will be doing similar work, but with Clang instead of GCC.
"Clang has a completely different set of security checks that it can do, and can maybe help detect and find other buffer overflows and other things like that," Lorenc said. "It's also part of some other longer-term efforts, things like control flow integrity protections in the kernel, that make it important to have the Clang tool chain."
"That's a way to mitigate the effects of buffer overflows when they do happen, to make them less dangerous by managing new compiler technology," he added.
Getting Others Involved
Lorenc said that one of the reasons Google has gone public about its funding of open source security projects and Linux security developers is that it hopes to set an example for other companies using Linux and open source.
"We talk to a lot of people that are using Linux and using other open source packages, and everybody acknowledges that they need to find ways to better support the underpaid and overworked maintainers doing these things, and people struggle with how to do that," he said.
"One of the reasons we're announcing this is just to show how this can work and some of the ways that we've been approaching this problem to help other people jump in," Lorenc added. "If you're using Linux somewhere and you want to help improve it, then this is a decent program and a good way to get involved and try to do that."
