Conversation

Daniel Micay
@DanielMicay
twitter.com/DanielMicay/st It's worth noting that CONFIG_DEBUG_LIST is enabled in GrapheneOS with panic on data corruption, which according to bugs.chromium.org/p/project-zero breaks the exploit primitive. However, this is just one vulnerability, and many won't be mitigated like that.
Quote Tweet
Daniel Micay
@DanielMicay
Unfortunately, due to lack of resources and support, it hasn't yet been possible to start doing this for the ongoing revival of the project. In the past, I used to do it myself, but don't have the time and energy available anymore and people aren't stepping up to fill that gap.
Show this thread
2
4
Daniel Micay
@DanielMicay
Replying to
@RichFelker
Binder is in the upstream kernel and is used outside of Android too. It's used to implement userspace mobile device drivers which are used elsewhere. It's the communication mechanism between the sandboxes. Other OSes reuse those drivers even if they use dbus, etc. elsewhere.
2
1
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
and
@RichFelker
Microkernels with a focus on security end up needing to design a very efficient, lightweight and powerful IPC mechanism as part of a tiny core kernel. Need to be able to enforce a flexible / powerful security model at a high level among other things. Linux doesn't have an answer.
2
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
and
@RichFelker
So, instead, there are a whole bunch of competing out-of-tree mechanisms and all the lackluster POSIX and assorted legacy options not meeting real world requirements. Linux approach is to end up offering a dozen bad options with most systems using a variety of them at once.
1
Daniel Micay
@DanielMicay
Replying to
@DanielMicay
and
@RichFelker
Binder ended up upstream, unlike essentially all the other attempts at offering a more modern IPC mechanism, and it's definitely used more broadly than Android now. Beyond just using drivers designed for an Android environment too. It's among what's available so people use it.
1