That’s one of the best summaries I’ve seen of how untrustworthy Linux and C are. Also, why one might want to take a performance hit turning on all mitigations if they use Linux. Alternatively, pay for a separation kernel that puts it in a box cuz it’s probably cheaper than fixing the bugs. :)
That’s one of the best summaries I’ve seen of how untrustworthy Linux and C are. Also, why one might want to take a performance hit turning on all mitigations if they use Linux. Alternatively, pay for a separation kernel that puts it in a box cuz it’s probably cheaper than fixing the bugs. :)