Rust is creeping into the Linux kernel, which could mean a very important step forward in terms of security.
Rust has been threatening to creep into Linux in various ways for some time now. We’re talking Rust, the language, not rust the iron oxide. And the creeping shows zero signs of slowing. In fact, Rust has finally (and officially) found its way into the Linux kernel.
And that’s a good thing.
SEE: 5 Linux server distributions you should be using (TechRepublic Premium)
According to the Google Security Blog, the company declared (back in April) that Android now supported Rust for developing the OS and they (Google) were participating in the effort to evaluate the use of Rust as a supported language for the Linux kernel.
Since its inception, C has been the language for writing operating system kernels. Why? Because the language offers a certain level of control and predictability that other languages cannot match. And in the Linux kernel, memory issues have been quite low, due to the impeccable quality of the code. However, memory safety issues still occur. And given how many enterprise businesses now depend on Linux, even a single memory safety issue is one too many.
That’s where Rust comes in. Google has been all-in on this language because it can help reduce the number of bugs and security vulnerabilities. The goal, of course, is not to convert the entire kernel from C to Rust, but to allow newly submitted code to be written in the newly included language.
But don’t get your hopes up that you’ll see Rust in the stable kernel any time soon. The Linux kernel has more than 30 million lines of code. However, to that end, Google is now bankrolling the Internet Security Research Group (the parent company of Let’s Encrypt) to sponsor the Rust for Linux organization and is paying Miguel Ojeda as a full-time developer (with a one-year contract) to help make this happen.
The immediate goal is to write new Linux kernel components (such as drivers) in Rust and even (possibly) rewriting some of the riskier C code.
But why Rust?
One of the biggest reasons is that Rust will not allow a developer to create the potential for buffer overflows, thereby closing some of the various avenues hackers would normally take to break into a system.
On this project, Josh Aas, ISRG’s executive director, said, “When we think about what code is most critical for today’s internet, the Linux kernel is at the top of the list. Bringing memory safety to the Linux kernel is a big job, but the Rust for Linux project is making great progress.”
What is Rust?
Rust is a programming language that was designed, from the ground up, for performance and safety. Syntactically, Rust is similar to C++ and guarantees memory safety (without the help of garbage collection) by using a borrow checker (a way to force developers to manage ownership) to validate references. Rust was created by Graydon Hoare at Mozilla and has been voted “most loved programming language” every year (since 2016) in the Stack Overflow developer survey.
What does Linus think?
On July 10, 2020, Linus made his opinion clear when he said:
“No, please make it a ‘is rust available’ automatic config option. The exact same way we already do the compiler versions and check for various availability of compiler flags at config time.”
His goal was to ensure there was widespread testing. And although Torvalds wanted Rust to be enabled by default, he did not want to not make Rust a requirement in the kernel, but rather, make sure the Rust compiler was detected on the system.
Fast forward to 2021 it was made public (during the Linux Plumbers Conference) that both Linus and other core maintainers of the kernel had expressed an openness in principle to supporting kernel development in Rust. But it’s going to take considerable time if this is going to happen. Torvalds’ take is as simple as it is logical. He fully understands how many people (and businesses) depend on the Linux kernel and that the days of kernel developers doing “wild and crazy things” are over. Everything has to be carefully and meticulously planned.
SEE: The best programming languages to learn–and the worst (TechRepublic Premium)
If I had to make a prediction, I’d say the future is fairly clear. What we’ll see is a handful of drivers (specifically those required by big industry and enterprise businesses, such as a GPU driver for container deployment) written in Rust and accepted into the kernel. Once those have proven their merit, and the dust has settled from that inclusion, Rust will continue to creep further into the kernel until it shares a marked piece of the pie with C. Will it ever completely replace C? Not in my lifetime. C is just too powerful and efficient a language (plus… 30 million lines of C). But where security is of key importance, Rust might well overtake the default language in those particular areas.
It will, however, take considerable time. But that’s how rust works… slowly, methodically.