Post Syndicated from corbet original https://lwn.net/Articles/921799/
Kees Cook has posted a detailed document describing the work to improve the safety of flexible arrays in the kernel.

Converting such codebases to use “modern” language features, like
those in C99 (still from the prior millennium), can be a major
challenge, but it is an entirely tractable problem. This post is a
deep dive into an effort underway in the Linux kernel to make array
index overflows (and more generally, buffer overflows) a thing of
the past, where they belong. Our success hinges on replacing
anachronistic array definitions with well-defined C99 flexible

This work has been covered here as well.