
Everything is relative of course but it's a consensus view in OS literature that the Unix family of operating systems doesn't have strong security. There's a huge TCB in which bugs lead to vulnerabilities with high probability, as we see all the time.

This is why e.g. cloud providers don't rely on the OS to isolate customers from each other.

Since the renaissance of virtualization, many security-focused systems have built on that, like Qubes OS, seL4-based virtualized systems, etc.




Everything in security is layers of defense against a threat model.

To design a secure system one must first ask who is going to attack it and with what forces.

Making truly secure systems is an art and is rarified ground.


What is using seL4-based virtualized systems? I am very interested in trying that out if the prices aren't for enterprise only.


Idk if it's "the Unix family". Clouds are running with SmartOS for example with containers running on bare metal and I've not heard of security issues with this model.


SmartOS is a fork of OpenSolaris, right? Solaris used to have its share of public vulnerability discourse when it had more users, and it quieted down as the user base shrank and people stopped deploying it as a general-purpose server OS. In a slow-moving niche OS I wouldn't put much weight on low volume of public security problem discourse, especially in the face of apparent architectural problems.


Yes, it's a fork of OpenSolaris. Companies are running clouds with it, with containers of different clients running next to each other on bare metal (no VM to re-isolate). If it was so easy to exploit, it would have been done already, wouldn't it?


No, absence of evidence is not evidence of absence, that's a very central thing to understand when thinking about software vulnerabilities.



