by adrian_b 529 days ago
While most computers are personal computers, which have a single real human user, you still have to run a lot of untrusted programs, like the Internet browsers or whatever programs you might download from dubious sources.

While perhaps the term "user" is no longer the best, there is a need even more than before to run programs with limited rights, corresponding to the rights of some pseudo-users, which should not be able to access or modify anything belonging to the real human user, unless a special permission is granted.

2 comments

Android works like this. It's Linux-based and runs every app as its own user. On top of that it adds SELinux and many other isolation strategies.

https://source.android.com/docs/security/app-sandbox
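To make the point of the two comments above concrete, here is an added example (not from either commenter, and not Android's own code) that models the POSIX owner/group/other permission check in Python. The UIDs (human user 1000, browser pseudo-user 10057, root), the group 5000 and the file modes are all constructed for illustration.

```python
"""Added example: why running an untrusted program as its own user keeps it out of the
human user's files. Simplified model of the POSIX owner/group/other access check;
all UIDs, GIDs and modes are constructed for illustration."""
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits of one rwx triplet

@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o700

@dataclass(frozen=True)
class Process:
    uid: int
    gid: int
    groups: frozenset  # supplementary groups

def access(inode: Inode, proc: Process, want: int) -> bool:
    """True if proc may perform `want` (bitmask of R/W/X) on inode. Exactly one class of
    bits applies: owner if the UID matches, else group if the GID or a supplementary group
    matches, else other. Root bypasses the bits, except that execute still needs some x bit."""
    if proc.uid == 0:
        return not (want & X) or bool(inode.mode & 0o111)
    if proc.uid == inode.uid:
        bits = (inode.mode >> 6) & 7
    elif proc.gid == inode.gid or inode.gid in proc.groups:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return (bits & want) == want

def scenario() -> dict:
    """The human user (1000), a browser confined to pseudo-user 10057, and root.
    The download is deliberately shared with the human through group 5000."""
    human = Process(uid=1000, gid=1000, groups=frozenset({1000, 5000}))
    browser = Process(uid=10057, gid=10057, groups=frozenset({10057}))
    root = Process(uid=0, gid=0, groups=frozenset({0}))
    home = Inode(uid=1000, gid=1000, mode=0o700)            # private to the human
    browser_data = Inode(uid=10057, gid=10057, mode=0o700)  # private to the browser
    download = Inode(uid=10057, gid=5000, mode=0o640)       # browser's file, granted via group
    return {
        "browser_reads_home": access(home, browser, R),                 # False: isolated
        "browser_rw_own_data": access(browser_data, browser, R | W),    # True
        "human_reads_browser_data": access(browser_data, human, R),     # False: both ways
        "human_reads_download": access(download, human, R),             # True: via group
        "human_writes_download": access(download, human, W),            # False: group is r--
        "root_reads_home": access(home, root, R),                       # True: bypasses bits
    }
```

The isolation is symmetric (the human cannot read the browser's private data either), and the only way across is an explicit grant such as the shared group on the download.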

So, basically all my sandbox concerns go away if I run as root and every browser runs as its own user