Subj : [$] A sandbox mode for the kernel
To   : All
From : LWN.net
Date : Thu Feb 29 2024 16:00:06

[$] A sandbox mode for the kernel

Date:
Thu, 29 Feb 2024 15:49:09 +0000

Description:
The Linux kernel follows a monolithic design, and that brings a well-known
problem: all code in the kernel has access to the entirety of the kernel's
address space.  As a result, a bug in (for example) an obscure driver may
well be exploitable to wreak havoc on core-kernel data structures.  Various
attempts have been made over the years to increase the degree of isolation
within the kernel.  The latest of these, "SandBox
Mode" proposed by Petr Tesak, makes it possible for the kernel to run
some limited code safely, but it has encountered a bit of a chilly reception.

======================================================================
Link to news story:
https://lwn.net/Articles/963734/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.