Hacker News new | past | comments | ask | show | jobs | submit login

I can't tell if you are saying "without changing compiler flags, you always lose, even across all possible configurations of even a hypervisor" or if you are saying "without having control over some aspect of the attacker (as in, they can't just give you a binary)". I feel like it can't be the former, or you would have just said that instead of trying to procure some kind of mental framework; but that means the answer now is in some explanation of the latter criteria; essentially, the question is "what are the conservative bounds of current-safe?" (which might get smaller if new vulnerabilities are found or might get bigger if people discover some fascinating mitigation), not "what is a subset of things that are absolute-unsafe"... the latter I can find and even sometimes understand, but the former is what is actually useful for people building systems, so I keep hoping to find a guide somewhere.

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact