Hacker News new | past | comments | ask | show | jobs | submit login

Win32k before Win10 used to do TrueType/Type 1 parsing in the kernel, with an entire bytecode virtual machine!



So what? Linux, today, has a full bytecode interpreter


Bigger attack surface in the kernel, for something that doesn't need to be there, and that is historically very difficult to code securely.


grsecurity just disables it outright IIRC (the new one that was added sort of recently, probably year+ at this point).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: