On 01/12/2012 06:26 AM, Radek Madej wrote:
> IMHO, it'd make more sense to invest into a microkernel system, say based on
> Minix3, add PaX features to the kernel, at least proper ASLR and W^X, and use
> RBAC (grsec RBAC for instance ;] ) to ensure adequate isolation between
> processes in the userspace. Simple. Neat. Clean. Proper engineering. ;]
> Sounds like a nice PhD project to me... ;)
>
Oh dear god, Minix! While I respect what Tanenbaum is up to with Minix and I hope he keeps developing it, the current situation is that it has a very tiny base and it will probably stay that way. I loved the original Minix for teaching (although I've moved on to James Molloy's kernel), but usability is inversely proportional to complexity. If Minix were to span the usability spectrum of a kernel like Linux or BSD, I've got a gut feeling it would hit many of the same insecurity issues despite the theory of separation of subsystems.

As to the broader question of important software abusing memory, when you have so many developers, coding in so many different ways and with so many different philosophies, I'm amazed we can even get something like PaX off the ground. My own approach is to keep pressure on upstream to change their coding practice. It seems like the only practical approach for the near future.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail   : bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535