On 01/12/2012 06:26 AM, Radek Madej wrote:

> IMHO, it'd make more sense to invest into a microkernel system, say based on
> Minix3, add PaX features to the kernel, at least proper ASLR and W^X, and use
> RBAC (grsec RBAC for instance ;] ) to ensure adequate isolation between
> processes in the userspace. Simple. Neat. Clean. Proper engineering. ;] Sounds
> like a nice PhD project to me... ;)
>

Oh dear god, Minix! While I respect what Tanenbaum is up to with Minix
and I hope he keeps developing it, the current situation is that it has
a very tiny base and it will probably stay that way. I loved the
original Minix for teaching (although I've moved on to James Molloy's
kernel), but usability is inversely proportional to complexity. If
Minix were to span the usability spectrum of a kernel like Linux or BSD,
I've got a gut feeling it would hit many of the same insecurity issues
despite the theory of separation of subsystems.

As to the broader question of important software abusing memory, when
you have so many developers, coding in so many different ways and with
so many different philosophies, I'm amazed we can even get something
like PaX off the ground. My own approach is to keep pressure on
upstream to change their coding practice. It seems like the only
practical approach for the near future.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@g.o
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535