Zack Weinberg on Nostr: 7. The biggest single thing you can do to protect yourself against privilege ...
7. The biggest single thing you can do to protect yourself against privilege escalation *into the kernel* is to use a monolithic kernel. (There are a bunch of other places that you need to tweak if you want to be _really sure_ no one can ever inject code into supervisor mode, but without CONFIG_MODULES=n or equivalent they're all pointless.) It's a damn shame that current Linux distros make this so hard.
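A way to check the setting the post refers to, as an added example that is not part of the original post: a POSIX shell audit that classifies a kernel build config by its `CONFIG_MODULES` setting. The function names are hypothetical, and `/proc/config.gz` and `/boot/config-<release>` are assumed to be where the config is exposed, which not every distro does.

```shell
#!/bin/sh
# Added example, not from the original post.
# Kconfig never writes "CONFIG_MODULES=n": a disabled option is recorded as
# the comment line "# CONFIG_MODULES is not set".

# read_config FILE: print a kernel config, decompressing *.gz
# (such as /proc/config.gz).
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# modules_status FILE: print "disabled", "enabled", or "unknown" (option not
# mentioned, or file unreadable). -x matches whole lines only, so
# CONFIG_MODULES_USE_ELF_RELA=y and similar are not mistaken for it.
modules_status() {
    cfg=$(read_config "$1" 2>/dev/null) || { echo unknown; return 0; }
    if printf '%s\n' "$cfg" | grep -qx 'CONFIG_MODULES=y'; then
        echo enabled
    elif printf '%s\n' "$cfg" | grep -qx '# CONFIG_MODULES is not set'; then
        echo disabled
    else
        echo unknown
    fi
}

# audit_running_kernel: report on the booted kernel, using whichever of the
# two assumed config locations is readable.
audit_running_kernel() {
    for f in /proc/config.gz "/boot/config-$(uname -r)"; do
        if [ -r "$f" ]; then
            echo "$f: CONFIG_MODULES $(modules_status "$f")"
        fi
    done
    # /proc/modules is only created by kernels built with module support.
    if [ -e /proc/modules ]; then
        echo "/proc/modules present: module support compiled in"
    else
        echo "/proc/modules absent"
    fi
}

if [ "${1:-}" = "--audit" ]; then audit_running_kernel; fi
```

Run it with `--audit` to report on the booted kernel, or call `modules_status` on a config file before building or installing a kernel.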