Linked by Thom Holwerda on Sat 2nd Sep 2017 00:34 UTC

The hardening of Android's userspace has increasingly made the underlying Linux kernel a more attractive target to attackers. As a result, more than a third of Android security bugs were found in the kernel last year. In Android 8.0 (Oreo), significant effort has gone into hardening the kernel to reduce the number and impact of security bugs.

Android Nougat worked to protect the kernel by isolating it from userspace processes with the addition of SELinux ioctl filtering and requiring seccomp-bpf support, which allows apps to filter access to available system calls when processing untrusted input. Android 8.0 focuses on kernel self-protection with four security-hardening features backported from upstream Linux to all Android kernels supported in devices that first ship with this release.

Is it common to have to backport security features of newer Linux versions to older ones? Or is this just a peculiarity of Android's Linux kernel being so far behind the times?
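The seccomp-bpf filtering the quoted paragraph refers to is easy to see end to end. The following is an added example, not code from Google's blog or from Android: it installs a minimal denylist filter in a forked child (the hypothetical helper names `install_denylist` and `child_killed_by_filter` are mine) and then has the child invoke the blocked syscall so the kernel kills it with SIGSYS.

```c
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Install a minimal seccomp-bpf denylist: every syscall is allowed except
 * denied_nr, which kills the calling process with SIGSYS. A production
 * filter would also compare seccomp_data.arch so a 32-bit compat call
 * cannot be mistaken for a different native syscall number. */
static int install_denylist(int denied_nr)
{
    struct sock_filter prog[] = {
        /* Load the syscall number from the seccomp_data the kernel passes. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* Equal to denied_nr: fall through to KILL; otherwise skip to ALLOW. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, denied_nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    /* no_new_privs is required for an unprivileged process to load a filter,
     * so the filter cannot be used to confuse a later setuid execve. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Fork a child that denies getpid(2) and then calls it. Returns 1 if the
 * filter killed the child with SIGSYS, 0 if it survived, -1 on error. */
int child_killed_by_filter(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_denylist(__NR_getpid) != 0)
            _exit(2);
        syscall(__NR_getpid); /* blocked: the kernel kills us here */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS;
}
```

The filter is installed only in the child, so the parent (and anything that later inspects the exit status) keeps its full syscall set.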

pretty much Android exclusive
by tidux on Sat 2nd Sep 2017 01:32 UTC

In the GNU/Linux desktop/server space, LTS kernels normally only get security patches backported from upstream, and Canonical and Red Hat mostly just add hardware drivers to that for their long-lived releases. Everyone else either backports security fixes (Debian stable) or upgrades the kernel as a whole (everyone else). The only proprietary kernel modules still in common use are Broadcom NIC drivers and various GPU vendors, and most of those are built via DKMS anyway so they'll work after an upgrade. It's only Android's retarded "hurr let's not separate the system into packages so you have to upgrade everything at once" system and shittier third-party driver situation that require backporting large features.

Reply Score: 5

RE: pretty much Android exclusive
by Megol on Sat 2nd Sep 2017 15:53 UTC in reply to "pretty much Android exclusive"


Reply Score: 1

by ssokolow

It's a controversial-to-the-point-of-counterproductiveness way of referring to systems built on the Linux kernel which present a glibc-compatible ABI, even as the proportion of GNU code in them has been slowly but methodically chipped away over the last decade or so.

It originates from Stallman trying to make up for Hurd still being vaporware and claim "the Linux distro" as a GNU accomplishment by bending the rules to define an OS as everything you need for self-hosted development and not a thing more. (e.g. GCC is part of the OS, but X11 is not because console emacs doesn't need it.)

Of course, by that definition, things like Android and iOS aren't OSes yet and neither were versions of Windows and MacOS where the development tools cost extra and you hadn't bought them.

Honestly, I'm waiting for the day when musl-libc completes its support for presenting a glibc-compatible ABI so I can run my games on a busybox+musl-based distro and give the whole argument the finger.

Edited 2017-09-02 16:49 UTC

Reply Score: 4

by cb88

There is actually an effort to make Android self-hosting by Rob Landley (author of the Aboriginal distro and toybox, a swiss-army-knife busybox-alike, and one of the former maintainers of busybox).

And guess what... it's BSD-licensed, not GPL.

Basically it's a from-scratch rewrite of busybox with an aim to be able to self-host Linux/Android builds, clean code (that's probably subjective though), and adherence to specs.

Reply Score: 2

by tidux

Android is Linux, but not GNU. It seemed like an appropriate way to differentiate.

Reply Score: 5

by ssokolow

For lack of a better choice, people have settled on overloading "Linux" to have two different meanings:

1. The kernel used in products like Android and Ubuntu.

2. The family of Unixy distros built around the Linux kernel, which includes distros like Alpine Linux, which use a non-GNU userland.

That's why "Android is not Linux"... because, despite being built on the Linux kernel, it considers its POSIXy undercarriage to be an implementation detail and its creators intentionally distance it from "Linux distros"... thus, it does not belong to the second definition.

Reply Score: 1

by ssokolow

...and people can downvote me if they want, but shooting the messenger won't help.

People who say "Android is not Linux" have a specific meaning in mind for "Linux" and forcing them to redefine "Linux" to your definition won't magically change the message they're trying to communicate... it'll just annoy them and, if successful, force them to find another word that communicates what they've always intended. (Perhaps "Non-Android Linux", if they're feeling spiteful.)

Here's another example of that same principle of human behaviour:

With so many people with extreme views trying to hijack the "feminist" label, more and more people are calling themselves by other names like "egalitarian". Their position hasn't changed... they just decided that calling themselves "feminist" was a mistake now and possibly all along.

That's why it makes these extreme feminists so mad to learn of this shift in how people identify. Extreme beliefs tend to come from people who like to think in black and white and prefer simple solutions. Seeing people start to shift their identification away from the community you're trying to hijack via a redefinition in terms is proof that your magic "simple solution for a complex problem" isn't working.

Edited 2017-09-03 19:33 UTC

Reply Score: 2

by jal_

...and leave it to OSnews to derail a tech argument with an argument against human decency...

Reply Score: 2