Presented by

  • Keith Packard

    @keith_x11
    https://keithp.com

    Keith Packard has been developing free software since 1986, working on the X Window System, Linux, amateur rocketry and educational robotics. He is currently a senior principal engineer with Amazon's Device OS group, which helps build devices like the Halo, Echo, Fire TV and Kindle. He received a Usenix Lifetime Achievement award in 1999 and an O'Reilly Open Source award in 2011, and sits on the X.org Foundation and Amateur Radio Digital Communications (ARDC) boards. Keith uses he, him and his pronouns.

Abstract

Preventing software bugs from becoming security vulnerabilities has been an ongoing project for numerous kernel developers. Things like array bounds checking, stack smash detection and limiting memory access in kernel mode don't directly fix bugs; they make current and future bugs easier to catch and less damaging. Many of these measures can be implemented in an architecture-independent fashion to benefit all Linux users. Others require custom code for each family of processors. Several of these critical mitigations have not yet been implemented for 32-bit ARM processors. This presentation will describe the missing functionality, explain how those gaps enable potential security exploits, outline several possible approaches that were evaluated for each implementation, and finally show the architecture chosen for merging upstream.