If app is properly isolated/containerized, a shell is not worth much compared to what you get from common webapp lang vulns.
I don't see most use as a "protection"; rather it just makes throwing away & replacing a compromised environment easy.
-
-
Yes, but to do that, you have to trust that the host isn’t compromised, and you probably shouldn’t.
-
Maybe in 5 years or so, we’ll be at a point where a typical best-practices non-hardened container survives RCE.
-
Linux kernel security is trending in the wrong direction. More complexity, more attack surface, more code churn.
-
One outcome of my taking on kernel work might be gaining enough experience to redo it right. :-)
-
It really needs a many-pronged approach, and the Linux kernel is failing at every aspect of improving security.
-
Moving more code into the kernel, instead of moving towards a microkernel like competing operating systems.
-
And sticking with using entirely C, instead of migrating towards a safe language for new / rewritten components.
-
I don't see any viable alternatives to C for robust kernel programming, but Linux doesn't even use C robustly.