Linked by Thom Holwerda on Sat 2nd Sep 2017 00:34 UTC
Android

The hardening of Android's userspace has increasingly made the underlying Linux kernel a more attractive target to attackers. As a result, more than a third of Android security bugs were found in the kernel last year. In Android 8.0 (Oreo), significant effort has gone into hardening the kernel to reduce the number and impact of security bugs.

Android Nougat worked to protect the kernel by isolating it from userspace processes with the addition of SELinux ioctl filtering and requiring seccomp-bpf support, which allows apps to filter access to available system calls when processing untrusted input. Android 8.0 focuses on kernel self-protection with four security-hardening features backported from upstream Linux to all Android kernels supported in devices that first ship with this release.

Is it common to have to backport security features of newer Linux versions to older ones? Or is this just a peculiarity of Android's Linux kernel being so far behind the times?

Permalink for comment 648516
ssokolow (Member since: 2010-01-21)

It's a controversial-to-the-point-of-counterproductiveness way of referring to systems built on the Linux kernel which present a glibc-compatible ABI, even as the proportion of GNU code in them has been slowly but methodically chipped away over the last decade or so.

It originates from Stallman trying to make up for Hurd still being vaporware and claim "the Linux distro" as a GNU accomplishment by bending the rules to define an OS as everything you need for self-hosted development and not a thing more. (e.g. GCC is part of the OS, but X11 is not because console emacs doesn't need it.)

Of course, by that definition, things like Android and iOS aren't OSes yet and neither were versions of Windows and MacOS where the development tools cost extra and you hadn't bought them.

Honestly, I'm waiting for the day when musl-libc completes its support for presenting a glibc-compatible ABI so I can run my GOG.com games on a busybox+musl-based distro and give the whole argument the finger.

Edited 2017-09-02 16:49 UTC

Score: 4