Jaxad0127
Maybe the user space shouldn't be allowed to directly touch network anymore. Instead of application -> kernel -> hardware, more like application --(limited defined commands)--> networking control application (does bulk of preparing data for networking) --(limited security hardened commands)--> kernel --> hardware.
That way applications don't touch the hardware or kernel directly and future security and kernel bugs can be more easily tested for. The kernel group can't test every application that uses networking, but it can test if changes affected the one networking control application.