"SandBox Mode" Proposed For The Linux Kernel To Improve Memory Safety

  • NathanG
    replied
    Well this thread is popcorn worthy.

  • Volta
    replied
    Originally posted by Britoid:

    Which is why nearly every Android device has to ship with a fork of it...
    No, it's because Google pollutes Linux with their crap in Android. Don't make me laugh insisting Android is quality software. Oh, in case you still don't get it: they've chosen Linux for a reason, and if you want you can visit the spaghetti monster called Windows Phone in the graveyard. It seems the average IQ at Phoronix has dropped lately.
    Last edited by Volta; 16 February 2024, 03:09 AM.

  • cend
    replied
    "Ok, now go refactor something to use this" -- gregkh

  • Britoid
    replied
    Originally posted by Volta:
    Linux is a perfectly designed OS with very high code quality. When it comes to non-fixable spaghetti, that would be Windows. It will die soon.
    Which is why nearly every Android device has to ship with a fork of it...

  • lowflyer
    replied
    Sounds like:

    We don't want C++, but we create sandboxes, isolated guard pages and an architecture-independent infrastructure, a whole new API which elevates our memory safety potential and allows us to recover from protection violations.

    ... and let them sit and Rust.

  • Volta
    replied
    Originally posted by ayumu:
    Microkernel, multiserver, capability-centric is the better design. We've known this for a while.

    No, Linux can't "evolve" into such a system, the spaghetti call graph mess that it is, with millions of LoCs now.
    Linux is a perfectly designed OS with very high code quality. When it comes to non-fixable spaghetti, that would be Windows. It will die soon.

    It would have to be rewritten and there's systems that are further along with a correct design (e.g. genode).

    Perhaps funding sources should recognize this and re-focus their efforts appropriately. Stop wasting money and developer time in a system architecture that's known to be a dead end.
    Microkernel is a dead end, so you have nothing to worry about when it comes to Linux, because it's a monolithic kernel. The monolithic kernel has already proved to be superior in comparison to the microkernel. Genode? What a joke.
    Last edited by Volta; 14 February 2024, 07:31 PM.

  • ssokolow
    replied
    At first read, it sounds like it could be a viable thing to retrofit onto drivers, which are both the least well-tested and most numerous parts of a kernel, as well as having a fairly well-defined API to interact with and serve as an encapsulation boundary.

  • TheMightyBuzzard
    replied
    Originally posted by bug77:

    Security-conscious users may be willing to accept more than half a percent overhead. Sure, it will be heavier than Rust's compile-time checks, but hey!, you've got to work with what you have.
    Yep. And if I were currently running anything that uber-hardening were warranted on, my outlook would be very different. On the boxes I run/admin at the moment, it's not really worth even half a percent impact but I'd do it anyway if it were that low just because I love me a good tinfoil hat.

  • bug77
    replied
    Originally posted by TheMightyBuzzard:
    Show me benchmarks proving it adds less than half a percent of overhead and let me enable/disable it via sysctl for at least six years, otherwise it's a big no.
    Security-conscious users may be willing to accept more than half a percent overhead. Sure, it will be heavier than Rust's compile-time checks, but hey!, you've got to work with what you have.

  • bug77
    replied
    Originally posted by ayumu:
    Microkernel, multiserver, capability-centric is the better design. We've known this for a while.

    No, Linux can't "evolve" into such a system, the spaghetti call graph mess that it is, with millions of LoCs now.

    It would have to be rewritten and there's systems that are further along with a correct design (e.g. genode).

    Perhaps funding sources should recognize this and re-focus their efforts appropriately. Stop wasting money and developer time in a system architecture that's known to be a dead end.
    Yeah, the design is indisputably inferior. Sure, it has seen a bit of adoption with servers and PCs. On some supercomputers. Very, very few home appliances use it. It's also used in an obscure smartphone operating system. Such a flawed design is clearly not going anywhere.

    /s
