Re: This seems a very level-headed and straightforward discussion
I was a bit surprised that Linus didn't think that the OS could ever be truly hardened. Perhaps that is just a limitation akin to Gödel's theorem?
What Linus said.
Bugs aside, it may be possible to formally prove that an OS can't be fully hardened unless the hardware fully implements hardware rings of protection as used by MULTICS and VME/B and that firmware, hypervisors, OS, and application code are partitioned to take full advantage of the security the rings of protection provide.
Yes, I'm aware that MULTICS and VME/B are ancient OSes and that, of the two, only VME/B is still maintained, that current Intel chips provide a reduced set of rings of protection (4 instead of the 8 used by MULTICS and VME/B) and that the likes of Windows 7 only uses two of them. They could do better: VME/B ran user code at level 7 with user data at level 8 so a program could not write to its code or be made to do so and could not access inner rings except via secure system calls. This level of code protection is totally unknown to Windows 7 (where the kernel runs at level zero and everything else is lumped together in level 2). Dunno what Windows 8 & 10 do, but I'd hope the answer is 'better than that'. The same hope applies to Linux, BSD and the Apple OSen.
Can anybody point at current hardware with more rings of protection than Intel chips or at any OS that uses all the levels provided by its target hardware?
Isn't it about time any OS worthy of the name got hardened by making full use of the hardware's rings of protection? Just doing that would reduce the attack surface by quite a large amount.
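The ring policy the post describes (user code in ring 7, user data in ring 8, code never writable, inner rings reachable only through system-call gates) as a small access-check model; this is an added example, not code from the post or from VME/B or MULTICS, and the segment layout, ring numbers and gate names are constructed for illustration.

```python
# Added example: a toy model of hierarchical protection rings in the style
# the post describes. Ring 0 is most privileged; larger numbers are less
# privileged. Segment names, ring assignments and gate names are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    name: str
    ring: int   # privilege level of the segment (0 = most privileged)
    kind: str   # "code" or "data"


# Constructed layout: kernel in ring 0, user code in ring 7, user data in ring 8.
SEGMENTS = {
    "kernel_code": Segment("kernel_code", 0, "code"),
    "kernel_data": Segment("kernel_data", 0, "data"),
    "user_code":   Segment("user_code", 7, "code"),
    "user_data":   Segment("user_data", 8, "data"),
}

# Gates: the only entry points through which a less privileged ring may
# transfer control inward (the "secure system calls" of the post).
# Constructed names; the value is the ring the gate lands in.
GATES = {"sys_read": 0, "sys_write": 0}


def check_access(current_ring: int, seg: Segment, op: str) -> bool:
    """Return True if code running in current_ring may perform op on seg.

    Rules modelled from the post:
      * a ring may only touch segments at its own level or outward
        (equal or larger ring number);
      * code segments are never writable, not even from their own ring,
        so a program cannot overwrite its own code;
      * a more privileged segment is reachable only via call_gate().
    """
    if op == "write" and seg.kind == "code":
        return False            # code is execute-only, never a write target
    if op == "execute" and seg.kind != "code":
        return False            # data is never executable
    if seg.ring < current_ring:
        return False            # inward access without passing a gate
    return True


def call_gate(current_ring: int, gate: str) -> int:
    """Transfer control inward through a named gate and return the new ring.
    Any entry point that is not a registered gate is refused."""
    if gate not in GATES:
        raise PermissionError(f"no gate named {gate!r}")
    return min(current_ring, GATES[gate])
```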