[techntoke]

If they would just use a container sandbox and AppArmor/Seccomp/etc we wouldn't be stuck on this JavaScript monster we've created that still allows companies to spy on every mouse movement and track you around the web by default, but now requires 100s of unvetted JavaScript modules and dependencies for a framework to do the most simple tasks that should be included by default in HTML.

[staticassertion]

This doesn't make any sense.

A) It's not a good idea. The Chrome sandbox is arguably a lot stronger than Apparmor/ Seccomp. A native program in Apparmor or SELinux can still make virtually arbitrary system calls, whereas an attacker who has compromised a Javascript renderer can not. Further, The attacker would have to own the renderer first, whereas you're talking about just giving native execution rights. Further than that, you can just Apparmor/seccomp chrome? So just go do that? I've done it myself.

B) The attacks described in the post have nothing to do with code execution on your system. They're talking about attacks like XSS, which would exist in any language that provides the ability to manipulate the DOM with strings - so, any of the ones that would be useful.

[techntoke]

> It's not a good idea. The Chrome sandbox is arguably a lot stronger than Apparmor/ Seccomp. A native program in Apparmor or SELinux can still make virtually arbitrary system calls, whereas an attacker who has compromised a Javascript renderer can not. Further, The attacker would have to own the renderer first, whereas you're talking about just giving native execution rights. Further than that, you can just Apparmor/seccomp chrome? So just go do that? I've done it myself.

In a container sandbox platform, you could still define the permissions that must be granted for a site. Like, this program wants to access your camera, should you let it? Or, it wants to access a directory. That isn't much different than a browser today.

[staticassertion]

It's not much different in its goals, it's just a strictly worse implementation.

[techntoke]

Nothing can be worse than the JavaScript monster we have today

[The_rationalist]

If they used such a sandboxing technology, could they bring true support for other programming languages than js? (webassembly has no seamless support of browser APIs and no seamless js interop) I strongly think that bringing graalVM polyglotism to browsers is one of the biggest breakthroughs awaiting browsers this century! It would bring the pleasure and expressiveness of modern programming languages, bring more performance and bring an insanely big advantages, order of magnitude too big for our homo sapiens brains to realize: bring the other programming ecosystems such as the Java one, as such bring hundreds of billions of dollars of existing human resources AKA the best open source libraries in the world, solving any niche problem at will.

[staticassertion]

Java ran in the browser less than 5 years ago and it was a disaster.

[The_rationalist]

Explaining why it was and why it would still be a disaster would bring actual intellectual value to your comment. The old plugin interface was not at all integrated with browser APIs nor interoperable with js like ts is. The security issues are nothing undoable, one just need to fully sandbox the VM, V8 has nothing special that couldn't be added to graalVM.

Meanwhile not having programming languages is a disaster as I explained in my parent comment but did your brain process the added value that such a change would bring to the world?

[staticassertion]

I didn't think it needed to be stated why. It was horrible from a security perspective. The world has completely changed in terms of end user security since Java went from default-run to click-by-default to denied.

"One just needs to fully sandbox the VM" this is easier said than done. I explained in another post why Apparmor/Selinux are not nearly as effective as the Chrome sandbox. As for V8, sure, you could port over many mitigations it has to graalVM and get it running in a similar sandbox. Feel free, I'd certainly support you doing so.

Sure, my brain processes the benefit of other languages just fine. I'm excited to see wasm come to the browser.

[The_rationalist]

I explained in another post why Apparmor/Selinux are not nearly as effective as the Chrome sandbox. Interesting, where can I find such post?

I'm excited to see wasm come to the browser. Yeh but it doesn't have native binding with the browser APIs nor does it have multilanguage interoperability, hence the added values of graalvm over wasm.

[techntoke]

Java not running in the browser is still a disaster. Python and Go would be awesome.

[techntoke]

Yes, not only would it allow support for other programming languages but it would be orders of magnitude faster than JavaScript. I agree with pretty much everything you said.