by quotheth 3052 days ago
I think this is the wrong attitude. No one is better suited to implement a sandbox than the developer of the application. The fact that most developers are not trained to do so is just a reflection of our field's terrible progress re: educating devs on secure app dev.

Leaving this to the user leaves the vast majority of users unsafe. This is an unacceptable state.


Why should an application developer implement a sandbox? That's a huge waste of time and it's much more efficient if the operating system or the user enforces it instead by using existing sandboxing technologies like firejail. It is also untrustworthy and insecure, since after all you don't trust the application. If an application is responsible for sandboxing itself it can also choose not to sandbox itself properly if it wants to do harm.

There is no way around you either taking care of that yourself or you choosing an operating system that enforces it for you, like Qubes OS.

> Why should an application developer implement a sandbox?

Because they are the ones who understand the necessary capabilities of their program and the ones who have access to the source code...

> That's a huge waste of time and it's much more efficient if the operating system or the user enforces it instead by using existing sandboxing technologies like firejail.

Actually it's a far better sandbox when built into the program. And it doesn't leave users relying on installing arcane operating systems or becoming technically savvy.

> It is also untrustworthy and insecure, since after all you don't trust the application.

No, trusting the application is implicit since it's installed by the user. The sandbox exists to protect against a compromised application.
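As an added illustration of the "sandbox built into the program" position argued in this thread (example code, not written by any of the commenters): a Linux program that restricts itself with seccomp-BPF once it knows it no longer needs the network. The developer, who knows the program's required capabilities, picks the filter, and the filter keeps holding even if the process is later compromised. It assumes Linux on x86-64 or arm64; the function names are mine.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifdef __aarch64__
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64   /* assumed: arm64 or x86-64 Linux */
#else
#define SECCOMP_ARCH AUDIT_ARCH_X86_64
#endif

/* Self-sandbox: deny socket(2) with EPERM, allow everything else.  The program
 * knows it needs no network after start-up, so it drops that ability itself. */
static int install_no_network_filter(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),      /* foreign ABI: kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    /* NO_NEW_PRIVS: unprivileged install, and no setuid escape from the filter later. */
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ? -1 : prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork, sandbox the child, and try socket() inside it.  Returns 1 if the call
 * was refused with EPERM, 0 if it succeeded, 2 if the filter could not be
 * installed, 3 for any other errno, -1 on fork/wait failure. */
static int run_sandboxed_probe(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_no_network_filter() != 0) _exit(2);
        _exit(socket(AF_INET, SOCK_STREAM, 0) >= 0 ? 0 : (errno == EPERM ? 1 : 3));
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The filter is installed in a forked child only so the probe can be observed from outside; a real application would install it in its own process right after initialisation.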