What if I DoS attack some syscall? Or create zillions of files with 1 byte size driving crazy file-system or anything else.
Kernel is such vast area vulnerable for an attack that it is scary even to think about securing all of it and not leaving a single weak point. Moreover, you will screw your syscall API to the point that it will become unusable. At bare least we need standard for the syscall capping and etc... so programmer will know what to expect.
And thanks for the link, will check them and what solution they use and whether they are happy with it.
Kernel is such vast area vulnerable for an attack that it is scary even to think about securing all of it and not leaving a single weak point. Moreover, you will screw your syscall API to the point that it will become unusable. At bare least we need standard for the syscall capping and etc... so programmer will know what to expect.
And thanks for the link, will check them and what solution they use and whether they are happy with it.