Linux kernel security work

Recently, things have been advancing which may finally allow a seamless virtualization experience on the Linux desktop (and match QubesOS in some security aspects).

GPU drivers supporting native contexts with Mesa support.

Wayland sharing between guest and host. It used to be somewhat sloppy (involved protocol parsing; sommilier & wayland-proxy-virtwl) but recently someone undertook a project to do it properly that may soon bear fruit: https://codeberg.org/drakulix/wl-cross-domain-proxy

A VMM to utilize these features: https://github.com/AsahiLinux/muvm

And a solution which ties these things together: https://git.clan.lol/clan/munix

this is why redhat is still relevant in 2025. there's always a need for this kind of work.

Sometimes I dream about a 100% secure OS. Maybe formal verification is the key, or Rust, I don’t know. But I would love to know that I can't be hacked.

if they really think that, they should have remove their CNA, no?

Meanwhile it's 2026 and Greg's own website still doesn't support TLS.

> If you are forced to use encryption to report security problems, please reconsider this policy as it feels counterproductive (UK government, this means you…)

LOL

"A bug is a bug" lol.

There's a massive difference between "DoS requiring root" and "I can own you from an unprivileged user with one system call". You can say "but that DoS could have been a privesc! We don't know!" but no one is arguing otherwise? The point is that we do know the impact of some bugs is strictly a superset of other bugs, and when those bugs give control or allow a violation of a defined security boundary, those are security bugs.

This has all been explained to Greg for decades, nothing will change so it's just best to accept the state - I'm glad it's been documented clearly.

Know this - your kernel is not patched unless you run the absolute latest version. CVEs are discouraged, vuln fixes are obfuscated, and you should operate under that knowledge.

Attackers know how to watch the commit log for these hidden fixes btw, it's not that hard.

edit: Years later and I'm still rate limited so I can't reply. @dang can this be fixed? I was rate limited for posting about Go like... years ago.

To the person who replies to me:

> This is correct for a lot of different software, probably most of it. Why is this a point that needs to be made?

That's not true at all. You can know if you're patched for any software that discloses vulnerabilities by checking if your release is up to date. That is not true of Linux, by policy, hence this entire post by Greg and the talks he's given about suggesting you run rolling releases.

Sorry but it's too annoying to reply further with this rate limiting, so I'll be unable to defend my points.

[flagged]

And then all our customers will demand fixes for them in our docker images, because they’re that smart.

There must be a way to ship a docker image without a kernel, since it doesn’t get used for anything anyway.

I think the most practical reason not to flag which bugs are security bugs is to avoid helping blackhat hackers by painting a giant neon sign and that should be more than enough.

I think all the other explanations are just double-think. Why? If "bugs are just bugs" is really a true sentiment, why is there a separate disclosure process for security bugs? What does it even mean to classify a bug as a security bug during reporting if it's no different than any other bug report? Why are fixes developed in secret & potential embargoes sometimes invoked? I guess some bugs are more equal than others?

Their view that security bugs are just normal bugs remains very immature and damaging. It it somewhat mitigated by Linux having so many eyes on it and so many developers, but a lot of problems in the past could have bee avoided if they adopted the stance the rest of the industry recognizes as correct.