GrapheneOS@dalias There's nothing we can do to change how much of a disaster it is in terms of the kernel being exploited to escape sandboxes or as the main attack vector to exploit the device. We have hardware memory tagging for the kernel enabled now and we can work on adding deterministic guarantees similar to hardened_malloc and other allocator hardening but it's still going to be disaster. We also have to do something about GPU drivers doing insane things with memory which bypass this hardening.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.