| |
| ▲ | eqvinox 21 hours ago | parent [-] | | Of course a tiny microkernel code base won't have NFS bugs. It doesn't implement NFS. The bug will instead be in the NFS process/daemon/service/… which considering it's an fs service won't exactly be unprivileged either, even if only by returning maliciously corrupted contents. (e.g. a SUID root file that should not exist.) And, sure, a microkernel could have better security properties. However, (1) this has no connection at all to this specific bug, and (2) the Linux kernel seems to be doing reasonably well on security properties; or rather the industry seems to have decided it's sufficiently secure, even if not perfect. | | |
| ▲ | snvzz 13 hours ago | parent [-] | | Not only is the damage contained, but it is also much easier to protect an isolated NFS server. For instance, instead of being able to read/write/jump literally anywhere in memory, it would only have capabilities to the resources it needs. And these capabilities would be enforced strictly, by the bug-free microkernel. The likes of seL4 even have formal proof of correctness. | | |
| ▲ | eqvinox 10 hours ago | parent [-] | | And you are still making these arguments on the discussion of a bug that they have absolutely no bearing on. If Linux were written with the same exact development history, but as a microkernel, the exact same bug could (and likely would) exist in the NFS client component. The impact is spurious unavailability of service, and would be the same on a microkernel; it is not exploitable for memory corruption. And any file system service, by its function, will be in a position of relative privilege, even if less so on a microkernel. Your arguments are likely valid, with other bugs. Please take them there. Wedging this discussion in here just makes you look like a proselytizing zealot. |
|
|
|
