On Tue, May 19, 2026 at 12:51 PM Mateusz Guzik <[email protected]> wrote: > I can't stress enough that mucking around splice (even if worthwhile) > is merely addressing the currently popular attack vector and not the > general problem. [...] > The huge attack surface was always a problematic position to be in, > but with the advent lf LLMs any unskilled person can drop a 0day and > the position is straight up untenable. In the long run there is no way > around blocking access to code by default, way beyond the current > splice proposal.
Sure - but the path to that is putting restrictions on the availability of individual kernel features, and this proposal is one step toward that. These splice/vmsplice functions have been part of security bugs in the past, and have contributed to making other security bugs easier to exploit too. I think it's a sufficiently big problem area to warrant a disable toggle, especially since this is more or less just a performance optimization that we should be able to nerf without outright breaking anything.
