The Internet Security Research Group (ISRG), the parent organization of the more famous Let’s Encrypt project, has awarded prominent developer Miguel Ojeda a one-year contract to work full-time on Rust in Linux and other security efforts.
What is a Rest for Linux?
As we discussed in March, Rust is a low-level programming language that offers the most flexibility and performance of C — the language used for kernels in Unix and Unix-like operating systems since the 1970s — in a more secure way.
Efforts to make Rust a viable language for Linux kernel development began at the 2020 Linux Plumbers conference, with the idea coming from Linus Torvalds himself. Torvalds specifically requested the availability of Rust compiler in the standard kernel build environment to support such efforts – not to replace the entire Linux kernel source code with Rust-developed equivalents, but to allow new development to run correctly. works.
Using Rust for new code in the kernel – which could mean new hardware drivers or even replacement of GNU Coreutils – may reduce the number of bugs lurking in the kernel. Rust simply does not allow a developer to leak memory or create the potential for buffer overflows – major sources of performance and security vulnerabilities in complex C language code.
Google, the ISRG and Ojeda
The new Internet Security Research Group contract gives Ojeda a full-time salary to continue the memory security work he already did part-time. ISRG Executive Director Josh Aas notes that the group has worked closely with Google engineer Dan Lorenc and that financial support from Google itself is critical to sponsoring Ojeda’s ongoing work.
“Major efforts to eliminate entire classes of security vulnerabilities are the best investments on a large scale,” Lorenc said, adding that Google is “excited to [help] The ISRG supports Miguel Ojeda’s work dedicated to improving kernel memory security for everyone.”
Prossimo and memory protection
Ojeda’s work is the first project to be sponsored under the Prossimo banner of the ISRG, but it is not the first step the organization has taken towards greater memory security. Past initiatives include a memory-safe TLS module for the Apache web server, a memory-safe version of the curl data transfer utility, and rustls, a memory-safe alternative to the ubiquitous OpenSSL network encryption library.
The Prossimo initiatives can be found at memorysafety.org, along with donation links – the ISRG and its Prossimo projects are supported 100 percent by charitable donations from both individuals and community-based businesses. If you want to join, the ISRG will accept direct currency donations via PayPal or Donorbox, various cryptocurrencies, and even mutual fund securities or shares.