Is Linux secure?
Let me rephrase, is a huge pile of C code, running in privileged mode in a shared address space, highly concurrent, using its own homegrown memory model based on volatile instead of the one the language spec defines and the compilers implement, dealing with untrusted data, implementing many complex protocols, data formats, & functionality, managing a bunch of "objects" with complex ownership and lifetime semantics, embedding its own JIT — secure?
Clarification: I'm not advocating for alternative kernels (certainly not for Mach / Hurd, which are a lot more insecure — I would know)
I'm saying, Linux is here to stay for decades and centuries. Look at what corner we've painted ourselves into.
@bugaevc Given the history, saying that any project is here to stay is tempting fate. The human infrastructure around the kernel is shaky. When the Torvalds generation retires it seems highly likely that they will be replaced by people with a far more corporate agenda. In the long run who is maintaining the code is a more important question than what language it is written in.
@bugaevc Why not? Any reason somebody could not write a more secure kernel that's compatible with Linux, doing to Linux what Linux did to Unix?
@robinadams the complexity of today's Linux and the kernel it replaced is humongous. But it's certainly possible (and has been done) to write something that provides basic syscall-level ABI compatibility.