Announcement

**bug77** · 14 February 2024, 12:43 PM

Originally posted by TheMightyBuzzard View Post

Show me benchmarks proving it adds less than half a percent of overhead and let me enable/disable it via sysctl for at least six years, otherwise it's a big no.

Security-conscious users may be willing to accept more than half a percent overhead. Sure, it will be heavier that Rust's compile-time checks, but hey!, you've got to work with what you have.

**TheMightyBuzzard** · 14 February 2024, 01:00 PM

Originally posted by bug77 View Post

Security-conscious users may be willing to accept more than half a percent overhead. Sure, it will be heavier that Rust's compile-time checks, but hey!, you've got to work with what you have.

Yep. And if I were currently running anything that uber-hardening were warranted on, my outlook would be very different. On the boxes I run/admin at the moment, it's not really worth even half a percent impact but I'd do it anyway if it were that low just because I love me a good tinfoil hat.

**ssokolow** · 14 February 2024, 03:48 PM

At first read, it sounds like it could be a viable thing to retrofit onto drivers, which are both the least well-tested and most numerous parts of a kernel, as well as having a fairly well-defined API to interact with and serve as an encapsulation boundary.

**Volta** · 14 February 2024, 06:50 PM

Originally posted by ayumu View Post

Microkernel, multiserver, capability-centric is the better design. We've known this for a while.

No, Linux can't "evolve" into such a system, the spaghetti call graph mess that it is, with millions of LoCs now.

Linux is perfectly designed OS with very high code quality. When comes to non fixable spaghetti that would be Windows. It will die soon.

It would have to be rewritten and there's systems that are further along with a correct design (e.g. genode).

Perhaps funding sources should recognize this and re-focus their efforts appropriately. Stop wasting money and developer time in a system architecture that's known to be a dead end.

Microkernel is dead end, so you have nothing to worry about when comes to Linux, because it's a monolithic kernel. Monolithic kernel already proved to be superior in comparison to microkernel. Genode? What a joke.

**lowflyer** · 15 February 2024, 03:28 AM

sounds like:

We don't want C++ but we create sandboxes, isolated guard pages and a architecture independent infrastructure, a whole new API which elevates our memory safety potential and allows us to recover from protection violations.

... and let them sit and Rust.

**Britoid** · 15 February 2024, 04:26 AM

Originally posted by Volta View Post

Linux is perfectly designed OS with very high code quality. When comes to non fixable spaghetti that would be Windows. It will die soon.

Which is why nearly every Android device has to ship with a fork of it...

**cend** · 16 February 2024, 12:29 AM

"Ok, now go refactor something to use this" -- gregkh

**Volta** · 16 February 2024, 03:06 AM

Originally posted by Britoid View Post

Which is why nearly every Android device has to ship with a fork of it...

No, it's because google pollutes Linux with their crap in Android. Don't make me laugh insisting Android is quality software. Oh, in case you still don't get it: they've chosen Linux for a reason and if you want you can visit spaghetti monster called Windows Phone on the graveyard. It seems average IQ at Phoronix dropped lately.

**NathanG** · 18 February 2024, 07:44 AM

Well this thread is popcorn worthy.

Announcement

"SandBox Mode" Proposed For The Linux Kernel To Improve Memory Safety

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment