| ▲ | quesera 10 hours ago | |||||||
No transcript (yet?) sadly, but this is a good high level overview. Looks like excellent and valuable work: > ... we conducted a large-scale audit of FreeBSD kernel code paths accessible from within a jail. We systematically examined privileged operations, capabilities, and interfaces that a jailed process can still reach, hunting for memory safety issues, race conditions, and logic flaws. The result: roughly 50 distinct issues uncovered across multiple kernel subsystems, ranging from buffer overflows and information leaks to unbounded allocations and reference counting errors—many of which could crash the system or provide vectors for privilege escalation beyond the jail. > We’ve developed proof-of-concept exploits and tools to demonstrate some of these vulnerabilities in action. We’ve responsibly disclosed our findings to the FreeBSD security team and are collaborating with them on fixes. Our goal isn’t to break FreeBSD, but to highlight the systemic difficulty of maintaining strict isolation in a large, mature codebase. | ||||||||
| ▲ | josephg 5 hours ago | parent [-] | |||||||
> The result: roughly 50 distinct issues uncovered across multiple kernel subsystems > Our goal isn’t to break FreeBSD, but to highlight the systemic difficulty of maintaining strict isolation in a large, mature codebase. 50 distinct issues? That's devastating. If these researchers found 50 issues, we all know there's more that 50 issues in the codebase. I really think we need to start seriously considering using SeL4 as a base for our operating systems. How long can we keep building on top of sand? | ||||||||
| ||||||||