Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://grapheneos.social/users/GrapheneOS/statuses/113944045019152901">GrapheneOS (grapheneos@grapheneos.social)'s status on Tuesday, 04-Feb-2025 15:27:52 JST</a><a href="https://grapheneos.social/@GrapheneOS" title="grapheneos@grapheneos.social"><img src="https://gnusocial.jp/avatar/99224-48-20240219114657.webp" width="48" height="48" alt="GrapheneOS" style="position: absolute; left: 0; top: 0;">GrapheneOS</a><div><a href="https://grapheneos.social/@GrapheneOS/113944022720613445" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> A vulnerability in a GPU or Wi-Fi driver shouldn't compromise the security of the whole OS because it should be isolated. Filesystems should at least be possible to run isolated. Linux is fundamentally opposed to that design. Still feasible to coerce it into working that way by running separate Linux kernels isolated from each other side-by-side. It will add a bunch of overhead vs. it being designed that way to start.</p><p>They also have problematic attitudes towards undefined behavior, etc.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4504772#notice-8820983">In conversation</a><time datetime="2025-02-04T15:27:52+09:00" title="Tuesday, 04-Feb-2025 15:27:52 JST">about 18 days ago</time> <span>from <span><a href="https://grapheneos.social/@GrapheneOS/113944045019152901" rel="external" title="Sent from grapheneos.social via ActivityPub">grapheneos.social</a></span></span><a href="https://grapheneos.social/@GrapheneOS/113944045019152901">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
GrapheneOS (grapheneos@grapheneos.social)'s status on Tuesday, 04-Feb-2025 15:27:52 JSTGrapheneOS
in reply to
- Rich Felker
@dalias A vulnerability in a GPU or Wi-Fi driver shouldn't compromise the security of the whole OS because it should be isolated. Filesystems should at least be possible to run isolated. Linux is fundamentally opposed to that design. Still feasible to coerce it into working that way by running separate Linux kernels isolated from each other side-by-side. It will add a bunch of overhead vs. it being designed that way to start.
They also have problematic attitudes towards undefined behavior, etc.
In conversationabout 18 days ago from grapheneos.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice