Sorry forgot to reply to this,

> I think the WIFI scanning bug that allowed Linux machines to be owned
> tells a different story. One that comes down to caring about
> security. You would think that this would be a prioritised area of
> code review. I wonder if there is a higher chance of performance
> regressions being picked up than security issues.

You confuse my argument. WiFi is in-kernel, the userspace utilities are simply to configure it. In fact I pointed out how big the Linux kernel is and how it is much harder to audit than OpenBSD.

When I talk about layers, I am talking about the high level applications, such as a web server, or a file server. On Linux it is the norm for these to sit within SELinux confinement most likely within a docker/kubernetes container.

As you have explained here, a kernel vulnerability has toppled the entire stack. This is why I believe OpenBSD is better for security, as its base system is designed to be as secure and maintainable as possible.

Take care,
-- 
Polarian
Jabber/XMPP: [email protected]

