On Thu, 2013-01-31 at 14:46 +0000, Jason Smith wrote: > > The word "sandbox" is vague. There is no clear definition. (There is a > mundane historical reason for that: the "sandbox" was whatever the C > program did.)
Good point. For instance, even if you're executing JavaScript within plain Spidermonkeys, people might still be able to issue denial-of-service attacks against your system. Or side channel attacks. Earlier in this thread, I wrote a response to your email from Thu, 31 Jan 2013 16:54:45 +0000, where I put a list of "Seven Degrees of Sandboxing" and try to help finding a good approximation for what the notion of "sandbox" will mean to us. I just realized that it might have been a better fit to put it here. > Prediction: as quickly as we identify sandbox features, somebody can build > a Node.js implementation to reasonable satisfaction. But we'll see. Yeah.