No, that's not what he means. He's saying that an external file system should have a sandboxed filesystem driver, so that exploiting a bug inside it doesn't immediately grant complete control over the entire system and at least requires privesc to escape (likely via the kernel).
-
Has to do with the style of code as well as the libraries you link to. The use of unbounded structures and imprecisely tracked memory objects adds to that mix. In order for static analysis to be useful, code has to be written to allow for deep analysis.