
There used to be a time when people thought relying on if statements for security was enough and proposing an OS [1] where everything is in a single process was plausible. Same for JS JITs. Now we know better.

1 - https://en.wikipedia.org/wiki/Singularity_(operating_system)



> and proposing an OS [1] where everything is in a single process was plausible. Same for JS JITs

WebAssembly doubles down on it today.

Technically, though, software-isolated lightweight processes within the same address space are still a very real possibility; it's just that isolation is up to the compilers now, which have to emit Spectre-proof code, so no native blobs. Which, let's get real, has to happen sooner or later for all userspace code, because hardware can't be trusted.
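Added example, not part of the thread or of any project mentioned in it: a concrete instance of what "Spectre-proof code" and "relying on if statements for security" mean in practice. It shows a bounds-checked table lookup in C guarded by the if statement alone next to the same lookup with the index masked arithmetically, which is the shape of the Spectre v1 mitigation the Linux kernel's array_index_nospec uses (this is my own sketch of the technique, not the kernel's code). The table, its values and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample table for illustration; in a real single-address-space
   system, whatever sits after it in memory is what a mispredicted load could
   touch. */
#define TABLE_LEN 8
static const uint8_t public_table[TABLE_LEN] = {10, 20, 30, 40, 50, 60, 70, 80};

/* Returns ~0 when idx < len and 0 otherwise, using only arithmetic, so the
   result does not depend on a branch having been resolved. Assumes idx and
   len are both below SIZE_MAX/2 (true for any real table size). */
size_t index_mask_nospec(size_t idx, size_t len)
{
    /* idx - len wraps to a value with the top bit set exactly when idx < len */
    size_t in_range = (idx - len) >> (sizeof(size_t) * 8 - 1);
    size_t mask = (size_t)0 - in_range;
#if defined(__GNUC__) || defined(__clang__)
    /* Keep the optimizer from proving the mask redundant after a bounds
       check and deleting it (the kernel uses inline asm for the same reason). */
    __asm__ volatile("" : "+r"(mask));
#endif
    return mask;
}

/* Index the caller may use after a bounds check: in range -> idx,
   out of range -> 0. */
size_t masked_index(size_t idx, size_t len)
{
    return idx & index_mask_nospec(idx, len);
}

/* Lookup guarded by the if statement alone. Architecturally correct, but the
   CPU may speculatively execute the load with an out-of-range idx before the
   branch resolves: the classic Spectre v1 gadget shape. */
int lookup_branch_only(size_t idx, uint8_t *out)
{
    if (idx < TABLE_LEN) {
        *out = public_table[idx];
        return 1;
    }
    return 0;
}

/* Same lookup with the index masked: even on a mispredicted branch the
   address formed is inside the table, so misspeculation reads nothing new. */
int lookup_masked(size_t idx, uint8_t *out)
{
    if (idx < TABLE_LEN) {
        *out = public_table[masked_index(idx, TABLE_LEN)];
        return 1;
    }
    return 0;
}

/* Convenience wrapper returning only the byte (0 when out of range). */
uint8_t lookup_masked_value(size_t idx)
{
    uint8_t v = 0;
    lookup_masked(idx, &v);
    return v;
}
```

The two lookups behave identically architecturally; the difference is only in what the speculative load can touch. Note the limit of this kind of workaround: masking removes the dependency on the branch outcome under speculation, but it does nothing against hardware that simply refuses to execute the branch as written, which is the point the reply below makes.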


You can't trust any computation on hardware that cannot be trusted. There is no way to check that. Any software-implemented check to detect that can be thwarted by hardware that misbehaves in malicious ways. Imagine an address-based instruction replacement table that is used to convert some key conditional branches into unconditional ones.


> hardware can't be trusted

"Spectre-proof" code are specific workarounds for hardware bugs, not protection against all hardware security issues.


Obviously. Hardware can't be trusted to do secure isolation, this is the context here.




