Navigation
Recherche
|
[$] A sandbox mode for the kernel
jeudi 29 février 2024, 16:49 , par LWN.net
The Linux kernel follows a monolithic design, and that brings a well-known
problem: all code in the kernel has access to the entirety of the kernel's address space. As a result, a bug in (for example) an obscure driver may well be exploitable to wreak havoc on core-kernel data structures. Various attempts have been made over the years to increase the degree of isolation within the kernel. The latest of these, 'SandBox Mode' proposed by Petr Tesařík, makes it possible for the kernel to run some limited code safely, but it has encountered a bit of a chilly reception.
https://lwn.net/Articles/963734/
Voir aussi |
56 sources (32 en français)
Date Actuelle
lun. 29 avril - 10:17 CEST
|