I don't see most use as a "protection"; rather it just makes throwing away & replacing a compromised environment easy.
-
-
Replying to @RichFelker @phryanjr
Yes, but to do that, you have to trust that the host isn’t compromised, and you probably shouldn’t.
2 replies 0 retweets 0 likes -
Maybe in 5 years or so, we’ll be at a point where a typical best-practices non-hardened container survives RCE.
1 reply 0 retweets 0 likes -
Linux kernel security is trending in the wrong direction. More complexity, more attack surface, more code churn.
1 reply 1 retweet 3 likes -
One outcome of my taking on kernel work might be gaining enough experience to redo it right. :-)
1 reply 0 retweets 0 likes -
It really needs a many-pronged approach, and the Linux kernel is failing at every aspect of improving security.
1 reply 1 retweet 0 likes -
Replying to @CopperheadOS @RichFelker and
Moving more code into the kernel, instead of moving towards a microkernel like competing operating systems.
1 reply 0 retweets 1 like -
Replying to @CopperheadOS @RichFelker and
And sticking with using entirely C, instead of migrating towards a safe language for new / rewritten components.
3 replies 0 retweets 0 likes -
Replying to @CopperheadOS @RichFelker and
Not to mention very weak exploit mitigations, very little testing, extreme code churn with barely any review...
1 reply 0 retweets 1 like -
Replying to @CopperheadOS @RichFelker and
There's even a lot of resistance towards fixing clear cut cases of UB. It's the textbook case of what not to do.
1 reply 0 retweets 0 likes
I'm well aware. They consider non-aliasing based analysis a compiler bug, treat all same-size types as same.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.