Comment by ZeroConcerns a day ago

While interesting, the failure to distinguish between cooperative and unmodified programs here sort of weakens the comparison.

I mean, the OpenBSD APIs are great and all, but most developers are not going to be aware of these, nor deploying to a platform that supports these in the first place.

And yes, kernel-mode supervisors, when available, suffer from inscrutable configurations, so it's clear a middle ground would be nice (especially one that also applies to the W-environment), but it's not clear anyone is particularly invested in this?

ykonstant a day ago

Indeed, if you are trying to build something cross-platform and use BSD's specific APIs for security, it is easy to end up with an #ifdef soup in some of the most sensitive parts of your code. One wrong logic step there and you have compromised your application trying to harden it. I don't know the solution :(
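
Added example, not part of the thread and not any project's code: one way to keep the platform conditionals described in the comment above out of the security decision, by confining `#ifdef` to a single function that reports what happened and deciding in portable code whether to continue. The names `sandbox_apply` and `sandbox_may_proceed` and the `"stdio"` promise string are assumptions for illustration; `pledge(2)` is the OpenBSD call.

```c
#include <stdio.h>
#ifdef __OpenBSD__
#include <unistd.h>   /* pledge(2) */
#endif

/* Outcome of trying to restrict the process (hypothetical names). */
enum sandbox_result { SANDBOX_APPLIED, SANDBOX_UNSUPPORTED, SANDBOX_FAILED };

/* The only function that contains platform conditionals.
 * It reports what happened and makes no policy decision. */
enum sandbox_result sandbox_apply(const char *promises)
{
#if defined(__OpenBSD__)
    return pledge(promises, NULL) == 0 ? SANDBOX_APPLIED : SANDBOX_FAILED;
#else
    (void)promises;
    return SANDBOX_UNSUPPORTED;  /* never report success when nothing was done */
#endif
}

/* Portable policy with no #ifdef: returns 1 if the program may continue,
 * 0 if it must stop. allow_unsandboxed is an explicit operator choice. */
int sandbox_may_proceed(enum sandbox_result r, int allow_unsandboxed)
{
    switch (r) {
    case SANDBOX_APPLIED:     return 1;
    case SANDBOX_UNSUPPORTED: return allow_unsandboxed ? 1 : 0;
    case SANDBOX_FAILED:      return 0;  /* supported but refused: always stop */
    }
    return 0;  /* unknown value: fail closed */
}

int main(void)
{
    enum sandbox_result r = sandbox_apply("stdio");
    if (!sandbox_may_proceed(r, 1)) {
        fprintf(stderr, "refusing to run without sandbox\n");
        return 1;
    }
    puts(r == SANDBOX_APPLIED ? "sandboxed"
                              : "running unsandboxed (no platform support)");
    return 0;
}
```

Because the fallback branch returns a distinct "unsupported" value instead of success, a mistake in the conditional shows up as a refused start, not as a silently unsandboxed process.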