Navigation
Search
|
[$] A sandbox mode for the kernel
Thursday February 29, 2024. 04:49 PM , from LWN.net
The Linux kernel follows a monolithic design, and that brings a well-known
problem: all code in the kernel has access to the entirety of the kernel's address space. As a result, a bug in (for example) an obscure driver may well be exploitable to wreak havoc on core-kernel data structures. Various attempts have been made over the years to increase the degree of isolation within the kernel. The latest of these, 'SandBox Mode' proposed by Petr Tesařík, makes it possible for the kernel to run some limited code safely, but it has encountered a bit of a chilly reception.
https://lwn.net/Articles/963734/
Related News |
25 sources
Current Date
May, Sun 5 - 20:07 CEST
|