by zadokshi 538 days ago
Developers should be required to add flags to allow reading/writing to disk. i.e. choose --insecure-disk-access or --allow-read=/myapp

I hate the idea of making things a tiny bit more difficult for beginner developers, but what is the alternative?

5 comments

A reasonable alternative would be for the app to have no permissions and request permissions from the OS that would either deny access or prompt the user.

Most apps have no business outside their own data/cache folders.

I think the Apple implementation is a good start.

> A reasonable alternative would be for the app to have no permissions and request permissions from the OS that would either deny access or prompt the user.

A reasonable alternative would be for the app to have no access to the internet and work freely with the available files, just like before. Why must every app be an RCE vector?

And yet, everyone hates snap.

snap is being hated for different reasons. Namely a closed backend, a walled garden, and packages pushed down the throats of users for “creating a positive pressure on the Snap team to do a good job”.

This is more on the user end, but there's ways for users to isolate programs in such a way that this malware wouldn't have access to e.g. browser files and cryptocurrency wallets, some more effective/practical than others. Virtual machines, containers, jails, chroots, etc.

I think one example of what you're talking about can be seen on Android. The developer has to explicitly declare permissions (like file access) in the manifest, and the user has to explicitly approve it.

I like the interface of OpenBSD's `pledge` and `unveil`:

https://awesomekling.github.io/pledge-and-unveil-in-Serenity...

It's interesting that the malware is based on Node. A person trying to solve the take-home using Deno would have needed to pass flags similar to the ones mentioned[1] and perhaps have caught the problem immediately.

[1] https://docs.deno.com/runtime/fundamentals/security/

Ok, then every developer picks --insecure-disk-access. Now what?