Linux is pretty secure right? Well, like everything else, there are and have been problems. Google is aware of this and they use Linux for a lot and now they're providing funding to help boost Linux security.
Announced by the Linux Foundation funding has been provided to prioritize two full-time maintainers, Gustavo Silva and Nathan Chancellor, who will focus solely on Linux Kernel security development to ensure "the world's most pervasive open source software project is sustainable for decades to come".
Chancellor will currently be working on "triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work ongoing", whereas Silva will be "dedicated to eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, which is the preferred and least error-prone mechanism to declare such variable-length types". Both of them will be doing other important work after that too.
Security is always going to be a concern for such a large project, and while people who work on the Linux Kernel always think of it, issues can and do slip through. It's impossible not to though, when you consider that tens of thousands of people work with the kernel (over 20,000 according to the Linux Foundation!).
In an interview with The Register, Google's open-source security team lead Dan Lorenc mentioned plenty more detail and how they had been finding bugs "way faster than we can fix them" so it sounds like this will help a lot.
This is important to all of us of course, since we want Linux as a desktop operating system to be as secure as possible to play our favourite games on.
Quoting: JaredThat sounds terrific. Linux would be finally getting proper CFI support.
I'm probably not the only one not to know...
But not exactly surprising, when you consider that they apparently banished Windows from their internal systems.
Wasn't CFI already implemented on Android? I am sure that at the very least GrapheneOS makes use of it.
See more from me