Alex is right, i promise you if it made sense to do seccomp-bpf like things for Windows we would have done it by now. Windows is a different beast entirely. Hyper-v/WDAG containers are the best way we currently have to abstract away attack kernel surface.https://twitter.com/aionescu/status/1092263015699730437 …
-
-
Yes but that’s a whole other shift. If you work with the current constraints of win32k...
-
In general, people want to contain small kernels (think image parser, video codec, etc), not the whole application. For example, office might want to sandbox RTF import but not apply those limitations to the whole suite.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
