Tracking Trust with Rust in the Kernel
4 days ago
- #Rust
- #Security
- #Linux Kernel
- Benno Lossin proposes an API for Rust in the Linux kernel to handle untrusted data from user space securely.
- The API introduces a new type, `Untrusted`, to mark data from untrusted sources, preventing accidental use without validation.
- `Untrusted` is a transparent wrapper with the same memory layout as the value it wraps, so marking data as untrusted adds no runtime overhead.
- The API includes utility functions and support for common data structures like slices and vectors of untrusted values.
- A `Validate` trait is introduced to encapsulate logic for validating user-space data before use.
- Greg Kroah-Hartman suggests adding an example of a driver using `Untrusted`, particularly for `ioctl()` functions.
- The proposed API aims to enforce validation of user-space data systematically, reducing the risk of security vulnerabilities.
- Discussion on the patch set is expected at the upcoming Kangrejos conference.
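The following is an added, self-contained sketch of the pattern the summary describes: data copied from user space is wrapped in an `Untrusted<T>` whose inner value can only be reached through a `Validate` implementation, so a driver's `ioctl()` handler cannot act on a request it has not validated. It is not the code from Benno Lossin's patch set, and the signatures of `Untrusted`, `Validate`, the `RawIoctlReq`/`IoctlReq` request types, the flag bits and the error type are all assumptions made for this illustration; it runs on plain `std` Rust rather than inside the kernel.

```rust
// Added illustration of tracking untrusted data in the type system.
// NOT the kernel's actual API: `Untrusted`, `Validate`, `RawIoctlReq`,
// `IoctlReq`, `ReqError` and the flag constants are assumptions for this example.

/// A value that came from user space and has not been validated yet.
/// `#[repr(transparent)]` gives it the same layout as `T`, so wrapping is free.
#[repr(transparent)]
pub struct Untrusted<T: ?Sized>(T);

impl<T> Untrusted<T> {
    /// The only way in: wrap everything at the user-space boundary.
    pub fn new(value: T) -> Self {
        Untrusted(value)
    }
}

impl<T: ?Sized> Untrusted<T> {
    /// The only way out: run a validator and receive the validated type.
    pub fn validate<V: Validate<T>>(&self) -> Result<V, V::Error> {
        V::validate(&self.0)
    }
}

impl<T> Untrusted<[T]> {
    /// Wrap a borrowed slice without copying it.
    pub fn wrap_slice(slice: &[T]) -> &Untrusted<[T]> {
        // SAFETY: repr(transparent) guarantees Untrusted<[T]> and [T] share a layout.
        unsafe { &*(slice as *const [T] as *const Untrusted<[T]>) }
    }

    /// View an untrusted slice as a slice of untrusted elements (same layout).
    pub fn as_slice_of_untrusted(&self) -> &[Untrusted<T>] {
        // SAFETY: Untrusted<T> is repr(transparent) over T.
        unsafe { &*(&self.0 as *const [T] as *const [Untrusted<T>]) }
    }
}

/// Validation logic for one validated type lives in one place.
pub trait Validate<Raw: ?Sized>: Sized {
    type Error;
    fn validate(raw: &Raw) -> Result<Self, Self::Error>;
}

/// A made-up ioctl request layout as user space would hand it over (constructed).
#[derive(Clone, Copy, Debug)]
#[repr(C)]
pub struct RawIoctlReq {
    pub len: u32,
    pub flags: u32,
    pub data: [u8; 8],
}

/// The request the driver is allowed to act on.
#[derive(Debug, PartialEq)]
pub struct IoctlReq {
    pub len: usize,
    pub nonblock: bool,
}

#[derive(Debug, PartialEq)]
pub enum ReqError {
    LenTooLarge(u32),
    UnknownFlags(u32),
    NotPrintable(u8),
}

const FLAG_NONBLOCK: u32 = 1 << 0;
const KNOWN_FLAGS: u32 = FLAG_NONBLOCK;

impl Validate<RawIoctlReq> for IoctlReq {
    type Error = ReqError;
    fn validate(raw: &RawIoctlReq) -> Result<Self, ReqError> {
        // Bounds check: the claimed length must fit the inline buffer.
        if raw.len as usize > raw.data.len() {
            return Err(ReqError::LenTooLarge(raw.len));
        }
        // Reject flag bits this driver does not know about.
        if raw.flags & !KNOWN_FLAGS != 0 {
            return Err(ReqError::UnknownFlags(raw.flags & !KNOWN_FLAGS));
        }
        Ok(IoctlReq { len: raw.len as usize, nonblock: raw.flags & FLAG_NONBLOCK != 0 })
    }
}

/// A validated single byte, used to show per-element validation of a slice.
#[derive(Debug, PartialEq)]
pub struct Printable(pub u8);

impl Validate<u8> for Printable {
    type Error = ReqError;
    fn validate(raw: &u8) -> Result<Self, ReqError> {
        if raw.is_ascii_graphic() { Ok(Printable(*raw)) } else { Err(ReqError::NotPrintable(*raw)) }
    }
}

/// Driver ioctl handler: the request fields are reachable only after validation.
pub fn handle_ioctl(req: Untrusted<RawIoctlReq>) -> Result<usize, ReqError> {
    let req: IoctlReq = req.validate()?;
    Ok(req.len)
}

/// Validate every byte of an untrusted slice, failing on the first bad one.
pub fn validate_name(raw: &[u8]) -> Result<Vec<Printable>, ReqError> {
    Untrusted::wrap_slice(raw).as_slice_of_untrusted().iter().map(|b| b.validate()).collect()
}

fn main() {
    let good = Untrusted::new(RawIoctlReq { len: 4, flags: FLAG_NONBLOCK, data: [0; 8] });
    let bad = Untrusted::new(RawIoctlReq { len: 4096, flags: 0, data: [0; 8] });
    println!("{:?}", handle_ioctl(good));
    println!("{:?}", handle_ioctl(bad));
    println!("{:?}", validate_name(b"dev0"));
}
```

Because `Untrusted<T>` has no public field and no method that returns `&T`, a reviewer can grep for `Validate` impls to find every place user-space data enters the driver; a handler that forgets to validate simply does not compile.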