
Moving something from userland to the kernel is not generally understood to be attack-surface-minimizing. One of the goals of attack-surface-minimizing designs, like privilege separation, is to get as much out of the kernel (or out of privileged processes) as possible.

Hosting WireGuard in-kernel is a performance and compatibility strategy. Being hosted in kernel makes WireGuard higher-risk, which Jason mitigates with other software security tactics, like a simple design that can be implemented without dynamic allocation, and a tiny codebase.



Thanks for the explanation.


Not generally understood, but... my analogy is the castle and the keep.

The keep has a smaller attack surface than the castle. Of course if the keep is compromised, your security just failed, dramatically.


Not in this case; what you're talking about here is putting more apertures into the keep.



