Hacker News new | ask | show | jobs
by darren_ 5349 days ago
It's not even 'poorly written', it's nearly every non-trivial C/C++ app, over a long enough time, turns out to have _something_ exploitable in it.
1 comments
dogfu 5349 days ago
sigh

Does that include the sandbox itself, which was written in C?

link
darren_ 5349 days ago
Yes? But it presents a much smaller attack surface (as compared to the attack surface presented by the set of applications you might otherwise run under a sandbox). And it's maintained/secured by one vendor instead of the set of vendors that distribute the applications you might otherwise run under the sandbox.
link
kenferry 5348 days ago
Ah, but the sandbox profile are written in scheme! So clearly all good.
link