The summit was used to expose a number of flaws in Linux’s design that make it increasingly unsuitable to power modern devices. Linux is the operating system that runs most of the modern world. It is behind everything from web servers and supercomputers to mobile phones. Increasingly, it’s also being used to run connected Internet of Things (IoT) devices, including products like cars and intelligent robots.
There are fundamental problems in Linux’s approach to security that make it incongruous against modern devices. The kernel still assumes it is being managed by a system administrator. That’s not always true though. The owner of an Android phone is unlikely to be adept at protecting themselves. The mobile platform is also famed for its fragmented nature that means most phones never receive security updates. Linux needs to be able to defend itself and protect users.
The problem is that Linux wasn’t designed to proactively deal with attacks. Researchers told attendees at the summit that the kernel needs to be able to expect an attack and handle it gracefully. At the moment, Linux cannot effectively protect itself. It’s up to developers to issue patches for security compromises as they’re found. All too often, these patches don’t make their way to the devices that most need them.
“We approach security today as though we are still living in the world of the 1990s and 2000s, computers in a data centre managed by knowledgeable people,” Konstantin “Kai” Ryabitsev told Ars Technica. Kai, a senior systems administrator at the Linux Foundation, warned Linux’s assumption that it is secured and managed by professionals is a weakness that needs to be resolved.
“For the cases where computers are not well protected in the hands of end-users who are not IT professionals, and who do not have any recourse to IT professional help, we need to design systems that proactively protect them,” Ryabitsev said. “We have to change the way we approach this dramatically, the same way the vehicle manufacturers in the 1970s did.”
This comparison to the car industry’s wake-up call has become popular amongst Linux security experts. In 1965, Ralph Nada warned the public that cars were “unsafe at any speed” in a now famous book. “Cars were designed to run but not to fail,” Kees Cook, head of the Linux Kernel Self Protection Project, said at the summit. “Very comfortable when you’re going down the road, but as soon as you crashed, everybody died.”
“That’s not acceptable anymore, and in a similar fashion the Linux kernel needs to deal with attacks in a manner where it actually is expecting them and actually handles gracefully in some fashion the fact that it’s being attacked.”
Linux is facing a complex issue that could prevent IoT from getting established if not promptly solved. Developers are calling for a significant overhaul of the kernel that would allow it to become aware of attacks and take action against them. Any resolution is still a long way off though. Until then, Linux remains vulnerable to the injection of malicious code by outsiders, a weakness that will become more significant in the coming years.
Researchers have warned that the threats presented at the summit aren’t just theoretical examples. It is believed that serious attackers, such as state-sponsored actors, actively monitor every code change made to the Linux kernel. They spot potential vulnerabilities the moment they’re created, enabling them to develop exploits months or even years before the kernel developers spot the hole and release a patch.
This approach is unsustainable for the long-term. It requires attention now so Linux is prepared for the onslaught of devices expected to come online in the next decade. Without the security overhaul it requires, the operating system could be usurped by a more resistant IoT platform in the future.
