| 1 |
On 01/12/2012 06:26 AM, Radek Madej wrote: |
| 2 |
|
| 3 |
> IMHO, it'd make more sense to invest into a microkernel system, say based on |
| 4 |
> Minix3, add PaX features to the kernel, at least proper ASLR and W^X, and use |
| 5 |
> RBAC (grsec RBAC for instance ;] ) to ensure adequate isolation between |
| 6 |
> processes in the userspace. Simple. Neat. Clean. Proper engineering. ;] Sounds |
| 7 |
> like a nice PhD project to me... ;) |
| 8 |
> |
| 9 |
|
| 10 |
Oh dear god, Minix! While I respect what Tanenbaum is up to with Minix |
| 11 |
and I hope he keeps developing it, the current situation is that it has |
| 12 |
a very tiny base and it will probably stay that way. I loved the |
| 13 |
original Minix for teaching (although I've moved on to James Molloy's |
| 14 |
kernel), but usability is inversely proportional to complexity. If |
| 15 |
Minix were to span the usability spectrum of a kernel like Linux or BSD, |
| 16 |
I've got a gut feeling it would hit many of the same insecurity issues |
| 17 |
despite the theory of separation of subsystems. |
| 18 |
|
| 19 |
As to the broader question of important software abusing memory, when |
| 20 |
you have so many developers, coding in so many different ways and with |
| 21 |
so many different philosophies, I'm amazed we can even get something |
| 22 |
like PaX off the ground. My own approach is to keep pressure on |
| 23 |
upstream to change their coding practice. It seems like the only |
| 24 |
practical approach for the near future. |
| 25 |
|
| 26 |
-- |
| 27 |
Anthony G. Basile, Ph.D. |
| 28 |
Gentoo Linux Developer [Hardened] |
| 29 |
E-Mail : blueness@g.o |
| 30 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
| 31 |
GnuPG ID : D0455535 |
Archives