@nano @lilly How fun. Zero-interaction network-layer #RCE.

Yet another instance of #QubesOS' stance on the NetVM being vindicated.

Can we please stop using & implementing OSes with monolithic memory-unsafe kernels with broad #AmbientAuthority?

@finn That's unfortunately the problem when you're not willing to play ball with the #NDA #monopoly assholes.

Or peddlers of proprietary garbage that feel a burning need to have you run their #malware in the #AmbientAuthority of your monolithic memory-unsafe kernel.

Remaining parts are underpowered and/or overexpensive.

@dekkzz76 https://en.wikipedia.org/wiki/Principle_of_least_privilege in contrast to having no separation (the wikipedia page on #AmbientAuthority is misleading and terrible).

A malicious driver in the Linux kernel essentially has the keys to the kingdom, there is *nothing* it cannot do if it feels like it.

That's not the case for firmware (insofar as the #IOMMU is working, #DMA isn't broken and other hardware implementation details also aren't).

@dekkzz76 I'd greatly prefer if we could have #FreeFirmware but I'm less worried about the firmware blobs that are ostensibly isolated by the #IOMMU than drivers in the #AmbientAuthority nightmare that is the usual unix-like kernel.