What we really need is a better language. The surface for most of these
holes (null pointer dereference, integer and buffer overflow holes, at
least) could be reduced to that tiny subset of the kernel implemented in
assembler. Wire something like the pi calculus into the language and even
races would be automatically detectable. (Obviously we can't eliminate all
DoS attacks, ever, even with formally proven perfect hardware and an ideal
language. That class of holes will always be with us.)
But for better or worse Linux is written in C, dammit, so these holes will
keep on coming. Until we find a way to avoid all mistakes I don't see a
way to stop them, though sparse and friends can at least slow them down a
bit. Blaming people for introducing holes when writing in a language like
this is like blaming people for tripping when walking backwards,
blindfolded, over rocky ground, in a blizzard, during an earthquake.
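An illustration of two of the bug classes named in the comment, an integer overflow in size arithmetic and an over-long copy into a fixed buffer, beside the checked forms a defender would write instead. This is added example code, not part of the comment or of any kernel source. It assumes a GCC or Clang compiler (for `__builtin_mul_overflow`); the `struct record` layout, `RECORD_MAX`, and the sample payload are constructed for the demo.

```c
/* Added example: unchecked vs. checked size arithmetic and bounded copy.
   Everything below is constructed for illustration; it models no real
   kernel interface. Requires GCC or Clang for __builtin_mul_overflow. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RECORD_MAX 16   /* fixed-size destination buffer (constructed) */

/* Unchecked size arithmetic: count * width silently wraps modulo 2^N.
   A caller allocating this many bytes and then writing `count` elements
   into the allocation has an integer overflow turning into a heap overflow. */
size_t alloc_size_unchecked(size_t count, size_t width)
{
    return count * width;
}

/* Checked size arithmetic: the compiler builtin reports the wrap instead
   of hiding it. Returns false and leaves *out untouched on overflow. */
bool alloc_size_checked(size_t count, size_t width, size_t *out)
{
    size_t total;
    if (__builtin_mul_overflow(count, width, &total))
        return false;
    *out = total;
    return true;
}

/* Wrapper so the wrap-detection result is a plain return value. */
bool checked_size_rejects_wrap(void)
{
    size_t out = 0;
    /* (SIZE_MAX/2 + 2) * 2 == 2^N + 2, which wraps to 2. */
    return !alloc_size_checked(SIZE_MAX / 2 + 2, 2, &out);
}

/* A record whose length field comes from untrusted input (constructed). */
struct record {
    uint32_t len;           /* claimed payload length */
    const uint8_t *payload;
};

/* Bounded copy: the claimed length is validated against the destination
   size before memcpy. Returns the number of bytes copied, or -1 if the
   record would not fit. The missing `if` is the classic C hole. */
long copy_record_checked(uint8_t *dst, size_t dstlen, const struct record *rec)
{
    if (rec->len > dstlen)
        return -1;
    memcpy(dst, rec->payload, rec->len);
    return (long)rec->len;
}

/* Parse a constructed record that claims `claimed_len` bytes into a
   RECORD_MAX-byte buffer; used by main() and by the assertions. */
long parse_constructed_record(uint32_t claimed_len)
{
    static const uint8_t payload[] = "0123456789ABCDEF";  /* 16 bytes + NUL */
    uint8_t dst[RECORD_MAX] = {0};
    struct record rec = { claimed_len, payload };
    return copy_record_checked(dst, sizeof dst, &rec);
}

int main(void)
{
    size_t out = 0;
    printf("unchecked (SIZE_MAX/2+2)*2 = %zu (wrapped)\n",
           alloc_size_unchecked(SIZE_MAX / 2 + 2, 2));
    printf("checked   detects wrap: %s\n",
           alloc_size_checked(SIZE_MAX / 2 + 2, 2, &out) ? "no" : "yes");
    printf("record len 8  -> %ld bytes copied\n", parse_constructed_record(8));
    printf("record len 32 -> %ld (rejected)\n", parse_constructed_record(32));
    return 0;
}
```

The two checks are exactly what tooling such as sparse and the compiler's overflow builtins help enforce mechanically; a language with checked arithmetic and bounds-carrying slices would make the unchecked variants unwritable rather than merely detectable.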
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds