Hacker News new | ask | show | jobs
by mrmagooey 4406 days ago
A lot of programs have more complexity than what is immediately obvious:

* The Microsoft office suite has a VB interpreter for every application,

* 3D (Blendr, Rhino) and graphics (gimp) tools have inbuilt python interpreters,

* And, it seems like there's always notes coming out from postgresql about how to deal with os limitations/gotchas
4 comments
laurent123456 4406 days ago
But the point still hold. Let's say the script interpreter of MS Office (or gimp or sublime, etc.) needs access to the hard drive. The system, no matter how locked up, still needs to give full access to the hard drive, unless they want to break the app.

From there, the same exploits that were previously possible are possible again - they can, if they break out of whatever sandbox is in place, access everything. I guess the OS might work better for apps that don't need these rights to begin with, but then these apps usually aren't much a problem in regular OSes anyway.

link
icebraining 4406 days ago
The thing is, parts of the app might need access to the hard drive, but that doesn't mean the whole app needs it. For example, your email client as a whole needs hard drive access, but the email parser just needs a channel to receive the messages and return a data structure, so you can isolate it and then if an email is sent that tried to explore some bug in the parser that achieved code execution, it still couldn't delete or read your files.

For example, see the Chromium architecture: http://www.chromium.org/developers/design-documents/multi-pr...

link
rat87 4406 days ago
builtin interpreters doesn't equal an os.

Most of the time the os doesn't have a general purpose interpreter in the kernel even if they have an interpreter for important os functionality(sh/bash/powershell). And even then most of the time these interpreters aren't meant to be embeded in applications.

It's a fair point about postgresql but dbs that need max speed/control at times are an exception not the rule.

link
magpi3 4406 days ago
Most triple AAA video games would qualify as well.
link
yzzxy 4406 days ago
Or anything running a off-the-shelf 3D engine like Unity (?or Unreal?).
link
dangayle 4406 days ago
Sublime Text has a built-in Python interpreter too
link
riquito 4406 days ago
Probably they expose the same interpreter that started Sublime Text. If that is the case than Sublime Text is the complexity added ;-P
link