rabbit hole of system security goes far indeed
optimal solution is ofc where you get near native performance from everything, everything is easy to use, yet achieve perfect user account isolation where you can process sensitive stuff under one account and run insecure stuff under another
however, in the end we come to firmware and hw, where there is no control even in Linux
fun to know: one youtuber found a bug in Apple GPU drivers, where you could hack the system by running a 3D application :D
*maybe it was firmware