Kernel Self-Protection Project/Linux Kernel Hardening/Open Source Security/Quick Post

Influencing Software Security: The Impact of the Kernel Self-Protection Project ⚔️🛡️🐧

Posted on December 6, 2023 by Gustavo A. R. Silva / 0 Comment

Table of Contents

Compiler Options Hardening Guide

On November 29th, the Open Source Security Foundation (OpenSSF) released a comprehensive and thorough hardening guide aimed at mitigating potential vulnerabilities in C and C++ code through the use of various hardening compiler options.

Strengthening the Fort 🏰: OpenSSF Releases Compiler Options Hardening Guide for C and C++ (blog post about the guide)
Compiler Options Hardening Guide for C and C++ (the guide)

This guide references some of the work we’ve accomplished over the years in the Kernel Self-Protection Project (KSPP), particularly our efforts to globally enable -Wimplicit-fallthrough and -fstrict-flex-arrays=3 in the upstream Linux kernel. 🐧

-Wimplicit-fallthrough

This warning flag warns when a fallthrough occurs unless it is specially marked as being intended. The Linux kernel project uses this flag; it led to the discovery and fixing of many bugs²¹.

An end to implicit fall-throughs in the kernel (LWN.net article)

-fstrict-flex-arrays=3

In this guide we recommend using the standard C99 flexible array notation [] instead of non-standard [0] or misleading [1], and then using -fstrict-flex-arrays=3 to improve bounds checking in such cases. In this case, code that uses [0] for a flexible array will need to be modified to use [] instead. Code that uses [1] for a flexible arrays needs to be modified to use [] and also extensively modified to eliminate off-by-one errors. Using [1] is not just misleading³⁹, it’s error-prone; beware that existing code using [1] to indicate a flexible array may currently have off-by-one errors⁴⁰.

Safer flexible arrays for the kernel (LWN.net article)
Progress On Bounds Checking in C and the Linux Kernel – Kees Cook, Google & Gustavo A. R. Silva (Presentation on YouTube)

GCC hardening features

The work of Qing Zhao is also referenced in the guide. Qing is making significant contributions to the KSPP by implementing hardening features in GCC, which we want to adopt in the Linux kernel.

GCC features to help harden the kernel (LWN.net article)

Beyond the Linux kernel

In conclusion, it’s quite fulfilling to see the hardening work we undertake in the Kernel Self-Protection Project having a significant influence in the world of software security, beyond the Linux kernel. 🙂

planet.kernel.org

Gustavo A. R. Silva

Gustavo A. R. Silva works full-time as an Upstream Linux Kernel Engineer, focused on security. Over the past several years, he’s been hunting and fixing all sorts of bugs and issues in the Linux kernel. Gustavo’s kernel work is supported by The Linux Foundation, and he is a member of the Kernel Self-Protection Project. He is a regular speaker at Kernel Recipes and has presented his work at other conferences like Linux Security Summit and Everything Open. Additionally, Gustavo has been an invited speaker at SSTIC. View all posts by Gustavo A. R. Silva →

Leave a Comment Cancel reply