Millions of lines of code, all running in supervisor mode.
One bug is all it takes to compromise the entire system.
The monolithic UNIX kernel was a good design in the 60s; today, we should know better[0][1].
Of course, by now processor manufacturers decided that blowing holes into the CPU's security model to make it go faster was the way to go. So your microkernel is stuck on a hardware security model that looks like Swiss cheese and smells like Surströmming.
How are seL4 and Genode going for you in your day-to-day compute usage?
Yeah, 'cause Windows is amazing. Or maybe macOS? Ignore their FreeBSD parts, of course.
My conclusion is that microkernels offer some protection from random reboots, but not much against hacking.
Say the USB system runs in its own isolated process. Great, but if someone pwns the USB process they can change disk contents, intercept and inject keystrokes, etc. You can usually leverage that into a whole system compromise.
Same with most subsystems: GPU, network, file system process compromises are all easily leveraged to pwn the whole system.