Exploits of a local machine with hardware access are a dime a dozen.

For most things everyone assumes if you can run arbitrary code you already have total effective control. That is why the gold standard is RCE remote code execution not root.

Privilege escalation is a problem but is the majority of the vulnerabilities found so far. And it is really only a problem in mixed environments where you are expecting to run untrusted code.

Xcancel: https://xcancel.com/GrapheneOS/status/2035450069118296272

To me this reads more like a cope for Cellebrite. How about start by disabling JTAG debugging on cell phones and have bluetooth default off and power it down if not actively used? Even better prompt the user if something tries to communicate on USB before accepting any data at all. That is not a Linux problem, that is a fundamental hardware design problem. Every OS would have problems trying to create security boundaries around this. Complaining about memory safety is a new trendy cop-out. Every OS has memory safety issues.

Wow that's a hard take if I've read one