by Animats on 12/23/2016, 7:52:36 PM
by tyingq on 12/23/2016, 5:05:15 PM
Fairly in-depth. I'm surprised though, at the generally positive tone around containers/docker. No mention of the current widespread practice of containers running as root. Nothing about the relative lack of protection against local kernel exploits escaping the container, etc.
Was expecting something a little more balanced on the topic.
by ctz on 12/23/2016, 5:16:19 PM
I don't really understand why this doesn't cover memory safety.
by PaulHoule on 12/23/2016, 7:03:01 PM
It seems like I am seeing something about SAT solvers almost every day now.
by gravypod on 12/23/2016, 5:04:29 PM
Some of these are great, some of these are OK, and some of these are horrible ideas. I wish instead of "studies" we did RFCs.
by godmodus on 12/23/2016, 6:50:10 PM
"A weakness is an undesired characteristic of a system’s requirements, design or implementation [Black11a]. This definition excludes:
* ...
* insider malfeasance, such as exfiltration by Edward Snowden"
Heh.
Those are the usual answers. But they're too broad.
A good way to look at the problem is that trusted software needs to be far less vulnerable, and untrusted software needs to be kept in a cage where it can't make trouble.
On the untrusted side, all games, for example, should be caged or sandboxed. (Yes, this breaks some intrusive anti-cheat mechanisms. Tough.) Applications on phone-type platforms should have far fewer privileges. (Yes, that breaks some ad networks. Tough.)
Until somebody with enough power to make it stick takes a hard-ass position and sets standards, there's not going to be progress. It would be progress if AT&T or Comcast or Verizon deployed secure routers, for example.