>it's one of MANY entry points

Just because the kernel does things wrong all over the place, it doesn't mean having too many syscalls specifically is not itself wrong.

>Cite the specific functionality you think is being shipped in an insecure way.

The whole Linux kernel. Complexity in privileged code is cancer.

For an example of how to do a kernel properly, refer to seL4[0].

[0]: https://sel4.systems/About/seL4-whitepaper.pdf
