[BobbyTables2]

How about “curl” and “wget” shouldn’t have free rein to read/upload and/or overwrite every damn file owned by my user?

Why does “ping” need to have file system access?

[yencabulator]

Moving out of the world of "applications" into shell commands, we're gonna need a new shell that understands that `wget -o myfile https://example.com` needs to be handed a capability to write data, or we need change our habits a lot into always shuffling everything over pipes or such. In either scenario, if you want that level of granularity, I don't think UNIX will survive as we remember it.

(More likely path for now: start a new sandbox, run things in it, put result files in an "outbox", quit sandbox, consume files from outbox. Also not very convenient with current tools.)