Conversation

Separately from using a memory safe language for most of the code, device drivers usually do not need to run in a privileged context. They can be run in an isolated process with the IOMMU containing the hardware. Exploiting a network driver shouldn't compromise a whole system.
This Tweet was deleted by the Tweet author. Learn more
iOS implements TCP/IP in userspace and most operating systems have drivers at least partially implemented in userspace. Many of the secondary processors in a computer run a microkernel with isolated components. Most smartphones have *at least* one L4 implementation in them.
You talk about microkernels / isolated drivers and memory safe languages as if they've not already been broadly used in the wild. Most code is written in memory safe languages these days. Systems code is increasingly moving to them too. Kernels and drivers are *mostly* not yet.
Java is a traditional example of a type / memory safe language. It has a very poor quality type system, like C, and it's not good at safety beyond memory safety. It can't do automatic integer overflow checking either, but at least it doesn't lead right to memory corruption bugs.
twitter.com/DanielMicay/st You're being thoroughly dishonest and misleading in these conversations. You repeatedly misrepresent what I say and make incredibly inaccurate / misleading claims. It's very clear you are acting in bad faith. It's not an interesting conversation with you.
Quote Tweet
Replying to @DanielMicay @vyodaiken and 5 others
CVE databases just aren't usable for determining most of the vulnerability fixes going into a project. Linux distributions like Debian relying on CVEs to determine which fixes need to be backported have serious security issues. Greg KH spells this out again and again for Linux.