Linux has quietly taken over the world. The operating system now powers the large datacenters that make all our cloud applications and services possible, along with billions of Android devices and internet-connected gadgets that comprise the internet of things (IoT). Even the systems that handle the day-to-day operations on the International Space Station run Linux.
The fact that Linux is everywhere makes kernel security the highest priority. An issue in the kernel can easily create ripples that are felt by practically everyone. Finding and fixing vulnerabilities in the kernel is only one aspect of Linux security; enabling the kernel to withstand attacks is even more vital.
"Honestly, updating is always going to lag behind," says Linux creator and pioneer Linus Torvalds. "But one of the reasons for a lot of the hardening work is to hopefully make updating less critical, in that even if there is a bug that would be a security hole, hardening efforts mitigate it to the point where it's not an acute security issue."
Beyond bug fixes
Plenty of people scrutinize Linux kernel code for security vulnerabilities and fix them. More than 200 security vulnerabilities were found in the Linux kernel in 2016, including the critical use-after-free vulnerability affecting Linux kernel versions older than 4.5.2 (CVE-2016-7117) that allowed remote attackers to execute arbitrary code without requiring authentication or any specialized tools. The January Android Security Bulletin fixed a critical buffer overflow vulnerability affecting the storage subsystem (CVE-2016-8459) in Linux Kernel 3.18 and Android, and the upcoming Linux Kernel 4.10 is expected to include more security fixes.