True. And I wonder if Minix is higher. But from a security point of view, you're only as strong as your weakest link. Linux runs device drivers in kernel space, so your OS is as strong as the hello-kitty driver. Think this is hard to exploit? You can create a USB device to search a Linux host for device drivers that are exploitable, then imitate that device. [1]
Suddenly, the Hello Kitty USB drive matters. That code is running in kernel space.
Minix on the other hand runs device drivers in user-land. [2]
Given that device drivers contain 3-7 times as many bugs as other kernel code,[3] a conclusion you may reach is that Linux contains more bugs per line than Minix.
Interesting, though I guess there is a non-trivial performance cost to userspace drivers; it seems hard to believe you could reasonably drive a GPU from userland. I remember John Carmack saying something about how driver overhead was one of the biggest bottlenecks when developing modern games.
Driver quality is of course something which will always significantly rock the boat when it comes to stability but that is going to be the same with any operating system. To an extent driver quality should be a factor when choosing hardware. If you don't build your kernel with Hello Kitty support you never have to worry about that code.
I guess that is one of the reasons that Apple has a better reputation for software reliability in that for the most part they get to choose the hardware that will be used with the OS.
Most GPU drivers on Linux are largely userspace based. The kernel bit has a verifier for the command buffer generated by userland to ensure it's not making the GPU read out of memory that that process shouldn't.
On embedded there's less verification going on, but the drivers are still almost all in userland.
I guess that would make sense, since USB peripherals are likely less performance sensitive in terms of latency and are also the place where you are going to get the widest variety of devices.
Yeah, it always bugs me, people bitch and moan about "getting into mainline" and having to "satisfy every use case of Linux", then they claim Linux is shitty code. They don't seem to connect that discriminating in what patches are accepted is no guarantee of quality, but it is a prerequisite.