Daniel Micay on Twitter: "There has also been a comparable lack of support for restoring the past kernel security hardening and advancing it. Too many individuals, companies and other organizations sit back expecting someone else to do the work and provide the resources. Inaction is why things are so bad." / Twitter

twitter.com/DanielMicay/st It's worth noting that CONFIG_DEBUG_LIST is enabled in GrapheneOS with panic on data corruption, which according to bugs.chromium.org/p/project-zero breaks the exploit primitive. However, this is just one vulnerability, and many won't be mitigated like that.

Quote Tweet

Daniel Micay

@DanielMicay

Oct 4, 2019

Unfortunately, due to lack of resources and support, it hasn't yet been possible to start doing this for the ongoing revival of the project. In the past, I used to do it myself, but don't have the time and energy available anymore and people aren't stepping up to fill that gap.

Show this thread

Daniel Micay

@DanielMicay

There has also been a comparable lack of support for restoring the past kernel security hardening and advancing it. Too many individuals, companies and other organizations sit back expecting someone else to do the work and provide the resources. Inaction is why things are so bad.

11:34 AM · Oct 4, 2019Twitter Web App

Replying to

Probably reactions like this are more likely the reason than simply inaction. Everyone depends on Linux, including the biggest companies in the world. Everyone wants it to be as secure as possible. zdnet.com/article/linus-

Conversation