Lexi Winter writes:
> i would be interested to know if anyone has managed to create a
> sandboxed HTML renderer, to avoid issues where an incoming HTML email
> exploits a bug in w3m/elinks/lynx/whatever to execute code on the local
> system.
>
> i am particularly interested in this on FreeBSD -- while FreeBSD has a
> very robust sandboxing system (Capsicum), it doesn't really allow
> unmodified executables to be run in the sandbox so it doesn't help here.
OpenBSD's lynx package uses the pledge system call to prohibit code execution (in pledge terms, limiting its capabilities to "stdio rpath wpath cpath fattr dns inet tty"). Would be nice if there were an HTML renderer out there implementing a more fine-grained approach through privilege separation, however... besides Chromium, I mean.
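As an added example (not code from this thread nor from OpenBSD's lynx port, which applies pledge inside the lynx source itself), the sketch below shows what the promise list quoted above does when handed to pledge(2) as execpromises by a small wrapper that then exec's the renderer. The wrapper approach, the renderer path `/usr/local/bin/lynx` and the helper names are assumptions; the promise string is the one from the reply. On systems without pledge(2) a stub that fails with ENOSYS stands in, so the wrapper refuses to run the renderer unsandboxed rather than silently running it without restrictions.

```c
#define _POSIX_C_SOURCE 200809L   /* for strtok_r */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Stub for non-OpenBSD builds so the example compiles; it grants no sandbox. */
static int pledge(const char *promises, const char *execpromises)
{
    (void)promises;
    (void)execpromises;
    errno = ENOSYS;
    return -1;
}
#endif

/* Promises the renderer keeps after execve (the list quoted in the reply).
 * Note what is absent: no "exec" or "proc", so an exploited renderer cannot
 * spawn or replace a process. */
#define RENDERER_PROMISES "stdio rpath wpath cpath fattr dns inet tty"

/* What the wrapper itself needs: stdio to report errors, exec to hand over. */
#define WRAPPER_PROMISES "stdio exec"

/* 1 if this build has a real pledge(2), 0 if it is the stub above. */
int pledge_supported(void)
{
#ifdef __OpenBSD__
    return 1;
#else
    return 0;
#endif
}

/* Guard against someone later widening the list: returns 1 if the promise
 * string contains neither "exec" nor "proc", 0 otherwise. */
int promises_forbid_exec(const char *promises)
{
    char buf[256];
    char *tok, *save;

    if (strlen(promises) >= sizeof buf)
        return 0;
    strcpy(buf, promises);
    for (tok = strtok_r(buf, " ", &save); tok != NULL; tok = strtok_r(NULL, " ", &save)) {
        if (strcmp(tok, "exec") == 0 || strcmp(tok, "proc") == 0)
            return 0;
    }
    return 1;
}

/* Pledge the wrapper and register the renderer's execpromises.
 * Returns 0 on success, -1 with errno set if pledge is unavailable or rejects
 * the promises. */
int apply_renderer_sandbox(void)
{
    if (!promises_forbid_exec(RENDERER_PROMISES)) {
        errno = EINVAL;
        return -1;
    }
    return pledge(WRAPPER_PROMISES, RENDERER_PROMISES);
}

int main(int argc, char **argv)
{
    /* Assumed renderer path; pass through the caller's arguments, e.g.
     * "-dump mail.html". */
    const char *renderer = "/usr/local/bin/lynx";

    (void)argc;
    if (apply_renderer_sandbox() == -1) {
        perror("pledge");
        return 1;   /* refuse to run the renderer outside the sandbox */
    }
    argv[0] = (char *)renderer;
    execv(renderer, argv);
    perror("execv");
    return 1;
}
```

The second pledge argument (execpromises) is what makes this work without patching the renderer: the promises only take effect once execve succeeds, so the renderer runs restricted to file, DNS, network and terminal access and is killed by the kernel the moment it attempts a syscall outside that set. This is still coarser than Lexi's wish for a truly sandboxed renderer, since "rpath wpath cpath" leave the whole filesystem readable and writable within the user's permissions; pledge narrows syscalls, not paths, which is where unveil(2) or a privilege-separated design would come in.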
