Script Integrity - Mickaël Salaün, Microsoft // TRAIN BRAIN

Script Integrity - Mickaël Salaün, Microsoft

Don't miss out! Join us at the next Open Source Summit in Seoul, South Korea (November 4-5). Join us at the premier vendor-neutral open source conference, where developers and technologists come together to collaborate, share knowledge, and explore the latest innovations and advancements in open source technology. Learn more at https://events.linuxfoundation.org/
Script Integrity - Mickaël Salaün, Microsoft
Starting with Linux 6.14, we will be able to securely control script execution using new execveat(2) and prctl(2) flags, successors to O_MAYEXEC. This marks a crucial step toward fully supporting code integrity on Linux.
The next steps involve enlighting script interpreters and providing users with straightforward ways to incrementally enforce such restrictions. Options include leveraging existing LSM policies and configuring user-space process management services (e.g., systemd).
In this talk, we will explore the kernel changes that were required (e.g., uAPI, IMA, IPE) and the ongoing complementary user-space updates, including script enlightenment. We will also explain the rationale behind the new securebits and how they facilitate a smooth migration, especially for generic Linux distributions.

The Linux Foundation

The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the L...

Hardeep Singh Tiwana has a message for you: launch windows don't stay open forever!

Golden Kubestronaut Fabrizio Sgura say you can go a lot farther than you think!

Hoon Jo says Cyber Week is the best time to get your Kubernetes certification!

Artem Lajko says, Kubestronauts don't wait — they launch when the Cyber Week window opens.

Nasiullha Chaudhari, DevOps Tip: If you want Kubernetes certification, Cyber Week is THE week.

Reynaldo Linares, Cloud Engineer: Kubernetes certifications keep you focused on skills that matter!

Golden Kubestronaut & CNCF Ambassador Pedro Célestin: Cyber Week has the best deals of the year!

Cloud native genius James Spurin says, CYBER WEEK STARTS TOMORROW! Save up to 65%

Christophe Sauthier announces Cyber ​​Week starts December 1st!

A message on Cyber Week from CNCF Ambassador Dmitry Shurupov, Co-Founder, Palark GmbH

Why OpenSearch Is Becoming the Backbone of AI & Observability | Bianca Lewis, OSSF

Thomas Dohmke, Former CEO, Github in Conversation with Gab Columbro, GM, Linux Foundation Europe

Energy Update - Christophe Villemer, Savoir-faire Linux

Keynote: Daniele Tonella, Chief Technology Officer, ING

Keynote: Closing Remarks - Gabriele Columbro, General Manager, Linux Foundation Europe

The State of Play of Open Source in Europe - Hilary Carter, LF Research

Welcome + Opening Remarks - Gabriele Columbro, General Manager, Linux Foundation Europe

LF Europe Update: Policy, Projects, Priorities - Mirko Boehm, Sr. Director of Community Development

Margo Project Update - Paul Brooks, Steer Co-representative of Rockwell Automation at Margo

NeoNephos: Building a Sovereign Cloud Native Technology Stack - Peter Giese, SAP

Driving Automotive with Open Source: From Compliance to Collaboration - Philipp Ahmann, Etas GmbH

Challenges Using OSS in Financial Services - Renzo Cherin, Lloyds Banking Group

Closing the Backdoor: Digital Sovereignty for EU & Public Authorities with Open Source

Panel Discussion: Open Source Enabling Industrial Innovation

Panel Discussion: Public & Private Support of the Open Source Ecosystem

Sponsored Session: Building Enterprise Solutions in the AI-Native Era with Red Hat - Daniel Oh

Keynote: The Open Source Pathway: Democratizing AI's Benefits to Korea's Economy... - A. Hermansen

Governing Open Source in the Enterprise: OSPO Strategies for Innovation and Compliance -David Hirsch

Keynote: Owning Your Silicon Future Starts with Building on RISC-V - Divyang Agrawal

Keynote: Linus Torvalds, Creator of Linux & Git, in Conversation with Dirk Hohndel

The Open Source Imperative in AI: Transparency, Governance, and Global... - C. Xie & J. McCrosky

Vector Search Made Simple: Getting Started with OpenSearch for AI Applications - Dotan Horovits

Keynote: Rust in the Linux Kernel, Why? - Greg Kroah-Hartman

Securing Open Source With SBOM: From Visibility To Trust - Heejo Lee, Korea University

How To Talk To Your Lawyer about Open Source - Jimmy Ahlberg, Ericsson

Accelerating Korea's Open Source Future: Workforce, Innovation, & AI - Anna Hermansen

Keynote: OpenSearch: From Project to Community-Driven Ecosystem—Building Sustainable... - A. Ross

LF Webinar: Streaming Data Design Patterns: Battle-Tested Tips & Tricks for Mission-Critical Systems

The Linux and Cloud IT Certification Journey

Linux and Cloud IT Certification Journey

What Makes Tech Talent Stick 2025 State of Tech Talent Report

Panel Discussion: Open Source as a Path for a Competitive Automotive Industry

Hardening the Barebox Bootloader - Ahmad Fatoum, Pengutronix

Prioritizing the Linux OS Hardening and CVE Mitigation - Baoli Zhang, Intel

Welcome Back + Remarks - Elena Reshetova, Security Architect, Intel

Opportunities and Challenges on Merging HW Security Features into Linux Mainline Kernel - Panel

SELinux Update - Paul Moore, Microsoft

Welcome + Opening Remarks - Elena Reshetova, Security Architect, Intel

Linux and CHERI: Back to the Future - Carl Shaw, Codasip

FineIBT Enhanced: Hardening Linux’s Microarchitectural Security on X86 - S. Constable & S. Österlund

Securing CI/CD Runners Through eBPF - Mert Coskuner, Yahoo & Cenk Kalpakoglu, Kondukto

AppArmor Update - John Johansen, Canonical

IMA Update: Lessons Learned from Re-implementing IMA-measurement in User Space - Roberto Sassu

Landlock Config - Mickaël Salaün, Microsoft

Kernel Hardening With Protection Keys - Kevin Brodsky, Arm

Recoverable, Tamper-resistant Full-disk Encryption at the Distributed Edge - Kobus van Schoor

Script Integrity - Mickaël Salaün, Microsoft

LF Live Webinar: Bridging the Dev-SRE Gap with Active Telemetry

Open Source Driven IoT and Edge Computing - Case Studies from C-DAC - Raghu H V, C-DAC

LFN AI Taskforce: Platform-Driven Fede... Praveen Kumar Kalapatapu, Chetana Amancharla & Samit Sawal

The Role of OSPO Manager for the Organization’s Success - Kiran Kumar Reddy Aluka & Sudhakar

Panel Discussion: Decentralized Identity Deep Dive - Advances in Trust, Security and Scalability

Policy To Pipeline: How OSPOs Can Power Regulatory Readines... Ayan Sinha Mahapatra & Arun Azhakesan

Prometheus Governance 2.0: A Case-study in Evolving the Governance With Gr... Goutham Veeramachaneni

InnerSource at Scale: A Platform-centric Approach - Turja Narayan Chaudhuri

Zero-Trust Containers: Rethinking Security in the Age of Ephemeral... Unnati Mishra & Akshat Khanna

Introduction to India Open Source Mobile Communication Network - Krishna Sirohi

How Open Source is Leading Open Innovation at Scale - Naresh Kumar Gajendran & Sachin Bhakar

Printk Should Be Your Last Resort - Sundeep Subbaraya, Marvell

Lightning Talk: Real-Time Weather Forecasting in AgS... Srinivas Mudda, Aakash Panwar & Nida Noorain

Overview of Linux Page Migration and Accelerating It With Multi-threading and DMA Of... Shivank Garg

Lightning Talk: Can the Internet Function Without the Internet? - Samarth Sharma, Metafic

How Cisco's AGNTCY Solves AI Agent Fragmentation Under Linux Foundation | Vijoy Pandey

Why AI Agents Need A2A & Open Source | David Nalley & Antje Barth (AWS)

Why Open Source AI Is Key to Economic Growth, Talent Retention & Cyber Resilience

OpenSearch Momentum: 46% Contributor Growth, AI Agents & Enterprise Scale | Mukul Karnik

OpenSSF’s CRob on CRA, Developer Liability & Protecting Open Source Projects

? Open Source Summit North America 2025 Highlights

? Open Source Summit North America 2025 Highlights

Measuring the Real-World Impact of Open Source AI | Frank Nagle, Linux Foundation

Christophe Sauthier announces Cyber Week starts December 1st!