Open allanlw opened 7 years ago
I think it's a bit passive aggressive (to say the least) to mark this as "wontfix" and leave no comment.
I do not agree that this is an "enhancement". It is a fundemental flaw in the userspace implementation of silvos.
Here is a good new paper on this which suggests it is impossible: https://arxiv.org/abs/1612.04474
Not only does Silvos not well-isolate userspace processes from each other, it also does not well-isolate kernel space from userspace.
In particular, with Silvos it is possible for user space programs to gain vital information about other processes and even the kernel itself through cache side channel attacks.
Some possible approaches to solutions include:
Because none of these are available I do not feel comfortable doing my RSA computations inside a silvos userland.