zlacker

1. PrimeM+(OP) 2023-10-27 23:03:14
> OpenBSD maybe gets there eventually.

Nah they won't. The devs have an irrational resistance to the very idea.

I disagree with your analogies. OpenBSD has a focus on auditing to remove all bugs, which is great, but they provide very little to help prevent what can be done if a bug is exploited, and they've certainly had no shortage of serious bugs.

> What use is MAC/RBAC if someone can gain kernel access with a 0 day exploit?

Kernel exploits are pretty rare. Most exploits are in userland.

replies(2): >>action+gE1 >>blodor+is7
2. action+gE1 2023-10-28 17:02:00
>>PrimeM+(OP)
I actually still think my analogy is apt.

Their safe is very hard, but once you are in, you are in. And I think I agree with your assessment, they aren’t likely to start creating MAC/RBAC solutions.

3. blodor+is7 2023-10-30 18:38:52
>>PrimeM+(OP)
I think pledge(2) and unveil(2) would help to prevent "what can be done if a bug is exploited", yes?
replies(1): >>PrimeM+Py7
4. PrimeM+Py7 2023-10-30 19:05:32
>>blodor+is7
Ever so slightly, but still a long ways off from proper MAC or RBAC support.