Of course microkernel approach is more secure, if a driver gets p0wned, corrupts data structures, or plain keeps crashing, it doesn't take the whole kernel with it.
Naturally the issue might be as bad that the whole stack can't recover from, but still much better than corrupting the kernel.
One of the SecDevOps guidelines when hardening servers is that every process should have its own user, yes.
Kmods and akmods run in kernel memory space and aren't ABI stable.
Naturally the issue might be as bad that the whole stack can't recover from, but still much better than corrupting the kernel.
One of the SecDevOps guidelines when hardening servers is that every process should have its own user, yes.
Kmods and akmods run in kernel memory space and aren't ABI stable.