X doesn't have to worry about...
Posted Dec 6, 2013 8:45 UTC (Fri) by khim (subscriber, #9252)
In reply to: X doesn't have to worry about... by smoogen
Parent article: Another daemon for managing control groups
I'm not sure if you are underestimating or overestimating Google/Facebook/Amazon/etc engineer capabilities.
The primary maxim here is very simple: “if and when one can call arbitrary unrestricted Linux syscalls one can own the system”. The security track record of the Linux kernel certainly supports this POV (yes, even “hardened” ones had a plethora of vulnerabilities exposed and undoubtedly have many more currently uncovered ones).
But if you filter Linux ABI access and do not trust the Linux kernel (without heavy-duty protections like seccomp-bpf) then why would you care about all these security implications Tejun is talking about?
