Linux 6.9 Sees Further Security Hardening

Written by Michael Larabel in Linux Security on 24 March 2024 at 06:58 AM EDT.
With security concerns at all-time highs in the industry, Linux 6.9 is seeing yet more work to beef up its security hardening with various additional safety checks and other compile-time defenses for ensuring security best practices.

Kees Cook submitted the wide assortment of hardening updates at the start of the Linux 6.9 merge window. He summed it up as being "pretty normal" and "all over the place" in terms of different changes and improvements.

Linux 6.9 re-introduces the Undefined Behavior Sanitizer (UBSAN) signed overflow sanitizer so that testing can continue, compiler-side improvements can be made, and other ways can be found to make the sanitizer more useful to everyone. The signed overflow sanitizer was previously removed because it was effectively useless at the time when paired with the "-fno-strict-overflow" compiler option. With sanitizer improvements now being made, and with the aim of better checking against unexpected signed wrap-around, use of the sanitizer is being restored.
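An added example (not from the article or the kernel source) of the kind of unexpected signed wrap-around such a sanitizer is meant to flag: a bounds check whose sum wraps negative and passes, next to the same check using the GCC/Clang `__builtin_add_overflow` builtin. The function names and input values are hypothetical, and the wrap-around is emulated with unsigned arithmetic so the program is well-defined without "-fno-strict-overflow".

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Two's-complement wrap-around: the result signed "a + b" has in a build
 * using -fno-strict-overflow. Emulated with unsigned arithmetic so this
 * demo is well-defined without that flag (the cast back to int is modulo
 * 2^N on GCC and Clang). */
static int wrapping_add(int a, int b)
{
    return (int)((unsigned int)a + (unsigned int)b);
}

/* Hypothetical bounds check: does [offset, offset + len) fit in buf_size?
 * Naive form: the sum can wrap negative and then compares as "in range". */
static bool range_ok_wrapping(int offset, int len, int buf_size)
{
    if (offset < 0 || len < 0)
        return false;
    return wrapping_add(offset, len) <= buf_size;
}

/* Hardened form: the overflow is detected explicitly and rejected. */
static bool range_ok_checked(int offset, int len, int buf_size)
{
    int end;

    if (offset < 0 || len < 0)
        return false;
    if (__builtin_add_overflow(offset, len, &end))
        return false;
    return end <= buf_size;
}

int main(void)
{
    /* Constructed inputs: a normal request and one whose end wraps. */
    int cases[2][2] = { { 100, 200 }, { INT_MAX - 10, 100 } };

    for (int i = 0; i < 2; i++)
        printf("offset=%d len=%d wrapping=%d checked=%d\n",
               cases[i][0], cases[i][1],
               range_ok_wrapping(cases[i][0], cases[i][1], 4096),
               range_ok_checked(cases[i][0], cases[i][1], 4096));
    return 0;
}
```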


The hardening pull also has various Kconfig updates, header updates, the removal of a 13-year-old CAP_SYS_ADMIN backward compatibility check, and other minor changes in the name of security hardening.

This pull request, since merged, lays out the changes for further hardening Linux 6.9.