Security requirements for new kernel features

Posted Aug 15, 2022 18:03 UTC (Mon) by jezuch (subscriber, #52988)
Parent article: Security requirements for new kernel features

> For example, developers must be aware of locking and the locking requirements of subsystems they call into or things may go badly wrong. Memory must be handled according to the constraints placed on the memory-management subsystem, and developers creating complex caches may have to implement shrinkers to release memory on demand. CPU hotplug affects many subsystems and must be taken into account. The same is true of power-management events. Changes to the user-space API can create unhappiness years later. Inattention to latency constraints may create trouble in realtime applications. A failure to properly document a subsystem will make life harder for developers and users — but they are all used to that by now.

> And, of course, a failure to provide proper security hooks will hobble the ability of administrators to control process behavior by way of LSM policies.

My $DAYJOB recently introduced a checklist in the pull request template. It pertains mostly to release notes and documentation, but I imagine it could at least help here. Of course people will ignore it, will misjudge the requirements, etc., but maybe in the case of the bigger pull requests someone will insist on it being at least seriously considered.



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds