WebAssembly was designed to follow the same capability security principles. CHERI too, as someone else just brought up.
Yet another newer capability system in progress -- I don't know what it can do today or if it tackles this particular problem, but it sounds cool: https://spritelyproject.org/
WASM is great in that you can sandbox code and give it limited permissions to run. Actually, I do hope wasm becomes more widespread as a base for app development. However, when importing library code into your own native code base, it's going to run with the same perms as that code base. Sandboxing a library would have the effect of making it probably slower and more annoying to interact with.
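The capability model discussed in the comments above, as an added example that is not part of the thread: a WebAssembly module can reach only the functions the host passes in as imports, and the host can list what the module asks for before granting anything. The module bytes are a constructed sample, and `requestedImports`, `runWithGrants` and `demo` are hypothetical helper names.

```javascript
// Constructed sample: a hand-assembled wasm module that imports
// env.log (i32) -> () and exports run(), which calls log(42).
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic, version
  0x01, 0x08, 0x02, 0x60, 0x01, 0x7f, 0x00, 0x60, 0x00, 0x00, // types 0 and 1
  0x02, 0x0b, 0x01, 0x03, 0x65, 0x6e, 0x76,                   // import "env"
  0x03, 0x6c, 0x6f, 0x67, 0x00, 0x00,                         //   "log", func, type 0
  0x03, 0x02, 0x01, 0x01,                                     // one function, type 1
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01,       // export "run" = func 1
  0x0a, 0x08, 0x01, 0x06, 0x00, 0x41, 0x2a, 0x10, 0x00, 0x0b, // i32.const 42; call 0
]);

// List the authority a module requests, before granting any of it.
function requestedImports(bytes) {
  const module = new WebAssembly.Module(bytes);
  return WebAssembly.Module.imports(module)
    .map((i) => `${i.module}.${i.name}:${i.kind}`);
}

// Instantiate with exactly the imports in `grants`, then call run().
// A module whose requested import was not granted fails to link.
function runWithGrants(bytes, grants) {
  const module = new WebAssembly.Module(bytes);
  try {
    const instance = new WebAssembly.Instance(module, grants);
    instance.exports.run();
    return { linked: true };
  } catch (err) {
    return { linked: false, error: err.name };
  }
}

function demo() {
  const seen = []; // the only host state the module can touch, via log()
  const granted = runWithGrants(WASM_BYTES, { env: { log: (n) => seen.push(n) } });
  const denied = runWithGrants(WASM_BYTES, { env: {} });
  return { requested: requestedImports(WASM_BYTES), granted, denied, seen };
}

console.log(demo());
```

A library linked into a native code base has no equivalent import list: it shares the host process's permissions, which is the contrast the last comment draws.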