
364 points Klasiaster | 1 comments
hkalbasi No.41854258
> In the framekernel OS architecture, the entire OS resides in the same address space (like a monolithic kernel) and is required to be written in Rust. However, there's a twist---the kernel is partitioned in two halves ... the unprivileged Services must be written exclusively in safe Rust.

Unprivileged services can exploit known compiler bugs and do anything they want in safe Rust. How does this affect their security model?

rcxdude No.41858302
I think it's not so much intended as a "you can allow arbitrary untrusted code to run as an unprivileged service" and more "a buggy unprivileged service won't compromise the whole system".