Conversation

Replying to

@crowder

@DanielMicay

and

@rakyll

twitter.com/crowder/status We agreed that you were saying here that they were relying on implicit trust.

Quote Tweet

crοwder

@crowder

Apr 22, 2021

Replying to @InsanityBit and @rakyll

It would be difficult for an unknown individual or unknown/untrusted organisation. It's less difficult for a respected university willing to sacrifice its reputation.

Replying to

and

Yes, and you think it follows from that that I believe that it's hard to introduce a malicious patch? It neither follows, nor is my belief.

Replying to

and

OK, yes, that was what I thought and it certainly seemed to be what you were indicating.

Replying to

But it sounds like we're on the same page now - it's trivial for anyone to submit bugdoors to the kernel.

Replying to

and

I think it's non-trivial, but I'm happy to concede it's easier than it should be.

Replying to

and

OK, fair enough.

Replying to

and

But again, I don't think that's useful or actionable information. A better "result" would be recognizing that the C language is a large source of issues and figuring out ways to help the kernel migrate away from it. There are people working in better faith on those slns.

Replying to

and

Look through lkml.org/lkml/2021/4/14. Peter Zijlstra is one of the most important core kernel maintainers. The Linux kernel also has a lot more issues than the unsafety of C. The monolithic kernel architecture is as much of an issue, among other serious problems with it.

Replying to

Rust is perfectly suitable for writing Linux kernel code. The biggest barrier is not building the infrastructure for it. It's convincing them to accept it and start using it at all. It doesn't need language changes for it. Problems raised there already have available solutions.

Replying to

Similarly, they could choose to start using isolated code. The infrastructure for that was already partially built already. Good luck convincing them to accept even tiny performance and code size costs for it though, or even that it's a safer and more reliable architecture...

Replying to

Some of the most important kernel maintainers will happily argue that C is the safest language to use and a monolithic kernel design is safer because it doesn't have the complexity of isolation and messaging passing. I'm not presenting strawman arguments. They say that stuff.

12:04 AM · Apr 23, 2021Twitter Web App

Replying to

They often argue against optional attack surface reduction, useful mitigations, etc. and come up with ways to deride work on improving reliability and security. Peter rejected support for letting non-root users using perf events, despite it being adopted by Android, Debian, etc.

Replying to

He's often there deriding that kind of work, and is often in a position where he can reject it himself or sabotage it. That's what people are dealing with. He's hardly the only example. Linus himself often does the same stuff, but at least he acknowledges a lot of the problems.

Show replies