[$] A sandbox mode for the kernel
Date:
Thu, 29 Feb 2024 15:49:09 +0000
Description:
The Linux kernel follows a monolithic design, and that brings a well-known problem: all code in the kernel has access to the entirety of the kernel's address space. As a result, a bug in (for example) an obscure driver may
well be exploitable to wreak havoc on core-kernel data structures. Various attempts have been made over the years to increase the degree of isolation within the kernel. The latest of these, "SandBox
Mode" proposed by Petr Tesak, makes it possible for the kernel to run
some limited code safely, but it has encountered a bit of a chilly reception.
======================================================================
Link to news story:
https://lwn.net/Articles/963734/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)