Hacker News

Sigh.

On the one hand, this seems like a slight improvement.

On the other hand, while it’s a bit of a slog, it’s possible to actually sandbox dependencies. libxz, for example, has well defined inputs and outputs. It’s possible to load it in such a way that all it can do is consume inputs and produce outputs that depend on those inputs. (And allocate memory and waste CPU, but that’s DoS at worst.)

A shared object that is loaded in the same thread/process as the rest of your application is not sandboxed from your application.


It can be with RLBox[0], which compiles the code to WebAssembly and then back to C. It's used in Firefox to sandbox various format parsing libraries.

[0] https://rlbox.dev/


That's true. But both in-process and out-of-process sandboxing are doable, as is writing code in a manner that is provably (for various definitions of provability) free of various classes of side effects.
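The out-of-process variant of what the comments above describe, as an added example (it is not code from the thread, from RLBox, or from any project named here): a Linux-only C program that forks a worker, installs a seccomp-bpf allowlist of read/write/exit/exit_group, and feeds it bytes over pipes, so the worker can do nothing but consume input and produce output. The names worker_fn, run_sandboxed, install_filter, worker_rle_decode, worker_escape and MAX_IO are invented for this example, the (count, byte) run-length format is a constructed stand-in for a real decoder, and the arch check assumes x86-64 or aarch64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifdef __aarch64__
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#define SANDBOX_ARCH AUDIT_ARCH_X86_64 /* assumption: x86-64 otherwise; add other CPUs here */
#endif

/* Hypothetical worker contract: whole input in, result into a caller buffer, return output
 * length or -1. It runs under the filter, so it must not allocate, open files or do anything
 * else that becomes a system call. */
typedef ssize_t (*worker_fn)(const uint8_t *, size_t, uint8_t *, size_t);

#define MAX_IO 4096 /* below the 64 KiB pipe default, so staging the input never blocks */
static uint8_t child_in[MAX_IO], child_out[MAX_IO]; /* preallocated: no malloc in the sandbox */

/* Allowlist read, write, exit and exit_group (glibc _exit uses both); kill on anything else
 * or on a syscall from another ABI. The child is single-threaded, so RET_KILL ends it (SIGSYS). */
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
static int install_filter(void) {
    struct sock_filter code[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(__NR_read), ALLOW(__NR_write), ALLOW(__NR_exit), ALLOW(__NR_exit_group),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    };
    struct sock_fprog prog = { (unsigned short)(sizeof code / sizeof code[0]), code };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

static ssize_t read_all(int fd, uint8_t *buf, size_t cap) {
    size_t n = 0; ssize_t r;
    while (n < cap && (r = read(fd, buf + n, cap - n)) != 0)
        if (r > 0) n += (size_t)r; else if (errno != EINTR) return -1;
    return (ssize_t)n;
}

static int write_all(int fd, const uint8_t *buf, size_t len) {
    ssize_t w;
    while (len > 0 && (w = write(fd, buf, len)) != 0)
        if (w > 0) { buf += w; len -= (size_t)w; } else if (errno != EINTR) return -1;
    return len == 0 ? 0 : -1;
}

/* Runs fn in a forked child behind the filter. Returns the output length; -1 if the worker
 * failed or the sandbox could not be set up (fail closed); -2 if the kernel killed the child. */
ssize_t run_sandboxed(worker_fn fn, const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap) {
    int to_child[2], from_child[2];
    if (in_len > MAX_IO || out_cap > MAX_IO || pipe(to_child) < 0) return -1;
    if (pipe(from_child) < 0) { close(to_child[0]); close(to_child[1]); return -1; }
    int staged = write_all(to_child[1], in, in_len); /* stage input before fork: child never waits on us */
    close(to_child[1]);
    pid_t pid = staged < 0 ? -1 : fork();
    if (pid < 0) { close(to_child[0]); close(from_child[0]); close(from_child[1]); return -1; }
    if (pid == 0) {
        close(from_child[0]);
        struct rlimit cpu = { 2, 2 }; setrlimit(RLIMIT_CPU, &cpu); /* bounds the "waste CPU" case */
        if (install_filter() != 0) _exit(2);
        ssize_t n = read_all(to_child[0], child_in, sizeof child_in);
        ssize_t m = n < 0 ? -1 : fn(child_in, (size_t)n, child_out, out_cap);
        if (m < 0 || m > (ssize_t)out_cap || write_all(from_child[1], child_out, (size_t)m) < 0) _exit(1);
        _exit(0);
    }
    close(to_child[0]); close(from_child[1]);
    int status; ssize_t got = read_all(from_child[0], out, out_cap); close(from_child[0]);
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status)) return -2;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? got : -1;
}

/* Constructed stand-in for a real decoder such as the thread's xz example: (count, byte) pairs. */
ssize_t worker_rle_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap) {
    size_t o = 0;
    if (in_len % 2) return -1; /* malformed: dangling count byte */
    for (size_t i = 0; i < in_len; i += 2) {
        size_t run = in[i];
        if (run > out_cap - o) return -1; /* would overflow the output buffer */
        memset(out + o, in[i + 1], run); o += run;
    }
    return (ssize_t)o;
}

/* A "compromised" worker: open() becomes openat(2), which is outside the allowlist. */
ssize_t worker_escape(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap) {
    (void)in; (void)in_len; (void)out; (void)out_cap;
    int fd = open("/etc/hostname", O_RDONLY); if (fd >= 0) close(fd);
    return 0;
}
```

With the constructed input { 3,'a', 2,'b', 1,'c' }, run_sandboxed(worker_rle_decode, ...) returns 6 and fills "aaabbc"; a truncated input returns -1 via the worker's own check; worker_escape returns -2 because the kernel kills the child at the openat. A filter, unlike SECCOMP_MODE_STRICT, stacks on top of whatever seccomp policy the container runtime already installed, which is why it is used here. If the library genuinely needs to allocate, add brk, mmap and munmap to the allowlist and cap RLIMIT_AS or RLIMIT_DATA alongside RLIMIT_CPU; that keeps the worst case at the DoS the first comment describes. RLBox, linked above, is the in-process route to the same property.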
