This article is more than 1 year old
Linus Torvalds lauds fuzzing for improving Linux security
But he's not at all keen on Santa Claus or fairies
Linus Torvalds release notification for Linux 4.14's fifth release candidate contains an interesting aside: the Linux Lord says fuzzing is making a big difference to the open source operating system.
Torvalds' announcement says Linux kernel 4.14 is coming along nicely, with this week's release candidate pleasingly small and “fairly normal in a release that has up until now felt a bit messier than it perhaps should have been.”
This week's most prominent changes concern “... more fixes for the whole new x86 TLB [translation lookaside buffer – Ed] handling due to the ASID [address space ID - Ed] changes that came in this release.”
“The other thing perhaps worth mentioning,” Torvalds opines, “is how much random fuzzing people are doing, and it's finding things.”
Linus Torvalds' lifestyle tips for hackers: Be like me, work in a bathrobe, no showers before noonREAD MORE
Fuzzing is the practice of having code process considerable quantities of data, in order to observe any errors that produces.
“We've always done fuzzing (who remembers the old 'crashme' program that just generated random code and jumped to it? We used to do that quite actively very early on), but people have been doing some nice targeted fuzzing of driver subsystems etc, and there's been various fixes (not just this last week either) coming out of those efforts. Very nice to see.”
Torvalds has been on his best behaviour lately, with his list comments tending to the witty rather than the sweary.
Last week, however, he asked kernel developer Dimitry Yukov “Do you believe in fairies and Santa Claus?” Torvalds did so to point out that there is a “_way_ higher than the likelihood” of both being real than Yukov's approach to memory dependency management being succesful.
What? Santa and fairies aren't real?
You've broken our hearts, Linus. Broken. Our. Hearts. At least you didn't say anything mean about Unicorns. ®