In a recent interview published on Linux.com, Greg Kroah-Hartman, maintainer of the Linux kernel’s stable branch, talked about new additions that should make Linux more resistant to potential security bugs. The most obvious example in Linux 4.6 is a write-only protection for all the data structures. With this feature, if a bug appears that would usually let you overwrite a memory fragment, the kernel prevents the overwrite, so the bug cannot do any additional harm.
This is part of a general focus among Linux developers on security issues, because Linux is still relatively far from being security foolproof. Kroah-Hartman said that, in addition to shielding data structures from being overwritten by users, “We have people working on a lot of things: taking bits and pieces of the GRSec, the large security patch set, taking them and merging them into the kernel as needed,” making Linux 4.6 the most secure Linux to date. Two Linux-based OSs (Chrome OS and CoreOS) support automatic kernel updating, and Kroah-Hartman wants Linux and Android distributors to support it as well, because it will enable better distribution of security updates.
He explained that in Chrome OS and CoreOS “You have two system images. You’re going to update one. Once you know it works, it can switch over to the other one. You have to be able to update it in a secure way. This technology’s been proven. It’s solved. People just need to use it and build it into their systems. The kernel is not going to go around updating itself on its own. It’s up to the infrastructure you built for your product.”
Linux 4.6 also brings support for using two separate pages for the Extensible Firmware Interface (EFI) when executing its firmware code, isolating the EFI code from the rest of the kernel.
Other features in the new release include support for 13 more ARM SoCs (System on Chip), better 64-bit ARM support, and support for IBM’s Power9 processors. The list of new features and fixes continues with a fix for an InfiniBand interface problem, and the kernel now supports OrangeFS and the Synaptics RMI4 protocol. RMI4 is the native protocol for all Synaptics touchscreens and touchpads.
Linux can now fully use USB 3.1’s 10Gbps speeds, and you can now expect better support for Intel Skylake chips and Dell and Alienware notebooks. As Kroah-Hartman explained, “Once you get into a dynamic environment, you have to be able to update. People need to embrace change. They need to get over that fear of change doesn’t work.” Even Linus Torvalds considers it a major release, saying that “The 4.6 kernel, on the whole, was a fairly big release.”