How is your work on KSPP these days?
I mostly stopped working on kernel hardening, especially submitting changes upstream, because I got tired of dealing with the toxic environment. I also increasingly feel Linux kernel security is a lost cause and I'm hopeful for a future with a microkernel + Linux compat layer.
The Linux kernel is the equivalent of running the entirety of userspace as root in PID 1. There's no isolation or internal security model. It keeps getting worse as more and more complexity is piled on, all of it implemented in C and without any isolation between components.
They've also introduced a very powerful bytecode interpreter / JIT compiler (eBPF) that's being increasingly used for different features.
I don't think the approach of piling on exploit mitigations to a project without safe tools (memory safe languages) and isolation can work.
Exploit mitigations should be a final line of defence to raise the cost of attacks, not the entire basis for security. The *nix security model has also aged poorly and the only way to get decent security policies for userspace is SELinux combined with various ad-hoc features.

