
Thanks for the correction! It confirms that Linux’s system list is by no means ‘out of control’.

If 400+ syscalls doesn't scream out of control to you, I doubt I can convince you.

Again, there is nothing special about a "system call", it's one of MANY entry points into the kernel. Counting them in isolation means nothing. And, again, Linux has historically been very careful to resist arbitrary subsystem-specific bloat in syscall variety. Almost all of its new kernel-exposed functionality uses other mechanisms (e.g. sysfs, new filesystems like cgroup, etc...) which are more auditable and amenable to userspace-managed authorization via stuff like filesystem permissions, chroot and containers.

And of course, as with everything else, virtually all this new functionality is modular. Don't want the system call (or whatever)? Don't put it in your kernel.

Basically: you're wrong here. Cite the specific functionality you think is being shipped in an insecure way.
