Like holy shit, this article is such a massive hate boner for Linux that it is only partially true:
> A very basic exploit technique is simply to find a way to execute the attacker's own malicious code, either by loading a malicious library on disk or by dynamically modifying executable code in memory.
I'm not aware of any modern kernel that marks executable memory as write+execute. We're talking like < Ubuntu 8 releases … maybe. What you can do is call mprotect after ROPing and doing a stack pivot, but this same use case exists in Windows and BSD; Mac has code signing, so you would have to bypass that.
> The kernel has huge attack surface and is constantly adding new and dangerous features. The Linux kernel is equivalent to running all user space code as root in PID 1.
See Windows, Mac, and BSD. This is a non-argument because they all have massive kernel code with drivers all running in the lowest ring of protection. Windows has PatchGuard for some things, and Mac has just recently (as of Big Sur) limited the means by which you can get the Mach port for PID 0 (the kernel) for read/write.