Darwin, since Leopard's release, has sandboxing support built into
the kernel. Some background processes on Mac OS that run as root and
access user files are sandboxed to be careful of buffer overflows and
stuff, though seemingly they developed it most of all so they could
sandbox the heck out of the iPhone OS's 3rd party apps, given the
device runs a version of Leopard.
From what I read in the comic, Chrome isn't doing network sandboxing,
just sandboxing filesystem access so nobody can hack the JS engine and
use its process to read /Users/_why/Music/GarageBand/brownnote-sample.aiff
and find some terrible secret of yours, or start writing
stuff into C:\Windows\WIN.INI.
I always thought what _why was talking about with 'sandboxing' in
Shoes was to do with insulating Shoes apps from each other, so
$global_vars and the like in one application don't exist in another
app running at the same time. Now I'm getting a deep down fear reading
_why's last message that perhaps his ideas are a bit more sinister and
Adobe AIR-like... Fair enough to sandbox the filesystem and network
access if we're running a Shoes app embedded in the browser or
something, but if I download a .shy onto my computer, or a
packaged .dmg, and run it, I want that program to be able to do
everything any Cocoa app could do. Yes, Shoes apps should be able to
delete ~/Documents if they want to. I have yet to see a system where
that type of sandboxing hasn't stood in the way of fun and innovation,
and turned the whole platform into a boring kludge.
What is the intent with these sandboxy thoughts, _why?
On 04/09/2008, at 10:41 AM, William Morgan wrote:
Reformatted excerpts from _why's message of 2008-09-03:
I'm thinking something like a cross-platform Sandboxie (see:
sandboxie.com) which emulates a filesystem and socket environment for
each process.
Isn't that way harder than making MRI sandboxed? Look at what's out
there now. On FreeBSD you have jail. On Linux you have chroot (the
"poor man's jail") and a couple virtualization options, of which OpenVZ
seems like the most active, but all of which require patching your
kernel. I don't think you have any options on Darwin. On Windows you
have Sandboxie and whatever Google's done for Chrome. Each of these is
a very different, very complicated thing...
I guess we can see what Google comes up with when they release Chrome
for Darwin and Linux. The latter seems significantly less likely to
happen anytime soon.
--
William <[EMAIL PROTECTED]>