by csirac2 4183 days ago
What a great list; I used this holiday season to build a similar list actually. Genode's potential is really understated in the post - it can apparently run a number of different microkernels including the formally verified seL4 which provides secure isolation of each individual driver, VM, or process. They seem to have some Linux interoperability going too. I really want to find the time to dig into this one some more.

Qubes is great, however the project really is a bit absolutist in my (amateur) opinion in placing all the trust in isolation: I still care about integrity of the isolated environments too, but Qubes seems to somewhat throw that baby out with the bathwater by, for example, insisting on passwordless sudo in all AppVMs.

I get where they are coming from - local privescs are a dime a dozen and they have a small team. Linux process isolation sucks but is it that worthless that we should deliberately introduce new vulnerabilities by leaving the doors completely wide open? When the skids find a new RCE in my crappy mail client or attachment viewer, the effort required to engineer exploits is massively reduced.

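Added example, not code from any commenter or from the Qubes project: a small audit that reads a sudoers-style file, reports rules granting `NOPASSWD` on `ALL` commands (the setting the comment above objects to), and shows a constructed hardened alternative beside it. The sample files are constructed in a temp directory; the path `/etc/sudoers.d/qubes` in the usage note and the `/usr/local/bin/backup-job` command are assumptions used for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a sudoers file for rules that
# grant passwordless sudo on ALL commands. Exit status of audit_sudoers is 0
# when no such rule exists, 1 when at least one is found.

# Print every effective rule that grants "NOPASSWD: ALL".
# Comments are stripped first; this also drops "#include" directives, which
# are fine to ignore for a single-file check.
find_nopasswd_all() {
    sed -e 's/#.*$//' "$1" \
        | grep -E 'NOPASSWD:[[:space:]]*ALL([[:space:]]|,|$)'
}

# Print the offending rules and return 1, or stay silent and return 0.
audit_sudoers() {
    hits=$(find_nopasswd_all "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

# Constructed sample: the kind of rule the comment objects to.
printf 'user ALL=(ALL) NOPASSWD: ALL\n' > "$TMP/weak"

# Constructed hardened alternative: a password for general use, and an
# unattended grant only for one specific (hypothetical) command.
printf '%s\n' \
    '# general use: ask for the password' \
    'user ALL=(ALL) ALL' \
    '# only this single tool may run without a password' \
    'user ALL=(root) NOPASSWD: /usr/local/bin/backup-job' \
    > "$TMP/hardened"

for sample in weak hardened; do
    if audit_sudoers "$TMP/$sample"; then
        echo "OK:   $sample has no passwordless ALL rule"
    else
        echo "WEAK: $sample grants passwordless sudo on all commands (rule above)"
    fi
done
```

Inside a template VM the same function can be pointed at the real file (assumed here to be `/etc/sudoers.d/qubes`); `sudo -l -U user` shows the effective grants that result once all sudoers fragments are combined, which is the view that matters after an RCE in an unprivileged client.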

> which provides secure isolation of each individual driver

seL4 is great and all, but this is simply not possible as long as hardware devices can access memory. For example, a graphics driver can program the GPU to overwrite arbitrary system memory, regardless of how drivers are "isolated" by the kernel.

> a graphics driver can program the GPU to overwrite arbitrary system memory

Unless there's a hardware IOMMU configured by Genode, Xen, etc, http://transpute.github.io/test1/related/
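Added example, not from any commenter or from Genode, Xen or Qubes: a check for the condition the last two replies hinge on, namely whether the kernel that owns the hardware actually has an IOMMU active. It uses two signals available on a Linux host, a non-empty `/sys/kernel/iommu_groups/` tree and the kernel log lines `DMAR: IOMMU enabled` (Intel VT-d) or `AMD-Vi: Found IOMMU` (AMD-Vi). Both inputs are taken as arguments so the check runs here against constructed data; the log lines below are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): report whether an IOMMU is active,
# i.e. whether DMA-capable devices are behind address remapping.
#   $1 = root of a sysfs tree (normally /sys)
#   $2 = a kernel log file (normally the output of dmesg saved to a file)

# 0 if the sysfs tree shows at least one IOMMU group.
iommu_groups_present() {
    [ -d "$1/kernel/iommu_groups" ] || return 1
    [ -n "$(ls -A "$1/kernel/iommu_groups" 2>/dev/null)" ]
}

# 0 if the kernel log reports an enabled Intel or AMD IOMMU.
iommu_in_kernel_log() {
    grep -Eq 'DMAR: IOMMU enabled|AMD-Vi: Found IOMMU' "$1"
}

# 0 when either signal is present, 1 otherwise.
iommu_active() {
    if iommu_groups_present "$1" || iommu_in_kernel_log "$2"; then
        echo "IOMMU active: device DMA is confined by remapping tables"
        return 0
    fi
    echo "No IOMMU: a malicious or buggy device can write arbitrary physical memory"
    return 1
}

TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

# Constructed sysfs trees: one with a group, one with an empty directory.
mkdir -p "$TMP/with/kernel/iommu_groups/0" "$TMP/without/kernel/iommu_groups"

# Constructed kernel logs.
printf '[    0.012345] DMAR: IOMMU enabled\n'              > "$TMP/log_vtd"
printf '[    0.012345] pci 0000:01:00.0: VGA controller\n' > "$TMP/log_none"

echo "sysfs with groups, plain log:"; iommu_active "$TMP/with"    "$TMP/log_none"
echo "empty sysfs, VT-d log:";        iommu_active "$TMP/without" "$TMP/log_vtd"
echo "empty sysfs, plain log:";       iommu_active "$TMP/without" "$TMP/log_none" || :
```

Run it where the hardware is owned: inside a guest VM, sysfs and dmesg describe the virtual platform, not the host, so a Qubes user checks dom0 (or, at the Xen level, the `virt_caps` line of `xl info`, which lists `hvm_directio` when an IOMMU is available to the hypervisor). Without that, the "isolated driver" argument above is only as strong as the device's willingness to stay within its assigned buffers.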