Comment by darksaints

3 days ago

For the love of god, can we please move to microkernel-based operating systems already? We're adding a million lines of code to the linux kernel every year. That's so much attack surface area. We're setting ourselves up for a kessler syndrome of sorts with every system that we add to the kernel.

17 comments

darksaints

Reply
mdavid626  3 days ago

Most of that code is not loaded into the kernel, only when needed.

  • darksaints  3 days ago

    True, but the last time I checked (several years ago), the size of the portion of code that is not drivers or kernel modules was still 7 million lines of code, and the average system still has to load a few million more via kernel modules and drivers. That is still a phenomenally large attack surface.

    The SeL4 kernel is 10k lines of code. OKL4 is 13k. QNX is ~30k.

  • regularfry  3 days ago

    You've still got combinatorial complexity problem though, because you never know what a specific user is going to load.

wosined  3 days ago

I might be wrong, but microkernel also need drivers, so the attack surface would be the same, or not?

  • kaoD  3 days ago

    You're not wrong, but monolithic kernel drivers run at a privilege level that's even higher than root (ring 0) while microkernels run them at userspace so they're as dangerous as running a normal program.

    • pessimizer  3 days ago

      "Just think of the power of ring-0, muhahaha! Think of the speed and simplicity of ring-0-only and identity-mapping. It can change tasks in half a microsecond because it doesn't mess with page tables or privilege levels. Inter-process communication is effortless because every task can access every other task's memory.

      "It's fun having access to everything."

      — Terry A. Davis

      1 reply →

jiehong  2 days ago

Naive question: is the Mac OS or iOS a microkernel? They seem to support http3 in their network foundation librairies and I’m wondering if it’s userland only or more.

  • darksaints  2 days ago

    MacOS is a hybrid kernel, which has been becoming more microkernel-like over time, and they are aggressively pushing more and more things to userspace. I don't think it will ever be a full microkernel, but it is promising to see that happening there.

    Ironic (in the alannis morrisette sense) that Apple has strictly controlled hardware AND OS-level software...if there's anybody out there that can possibly get away with a monolithic kernel in a safe way, it would be them. But Linux...where you have to support practically infinite variations in hardware and the full bazaar of software, that's a dumpster fire waiting to happen.