by AnthonyMouse 4125 days ago
> Not to say that situation isn't bad, but you can't compare it to C++ because nobody ever thought running untrusted C++ code without some other sandboxing was a good idea.

This is actually kind of a point for the other side. You can sandbox code regardless of what language it's written in. Maybe what we need is not better languages but better sandboxes. Even when code is "trusted", if the developer knows it doesn't need to e.g. write to the filesystem or bind any sockets then it should never do those things and if it does the OS should deny access if not kill it immediately.

4 comments

Isn't this exactly what SELinux does but nobody bothers to configure the rules?
But sandboxing does nothing to protect information if the information resides in the sandbox (sandboxing wouldn't have stopped heartbleed).

Rust and friends aren't going to make all security issues go away, just as sandboxing would not. There is no one true silver bullet in security, at least not yet.

> This is actually kind of a point for the other side.

I wanted to move the goalpost from "Java is insecure" to "the Java sandbox is insecure". I completely agree with the second statement, so I don't think I made a point for any other side.

You made the point that I was trying to make: implementations are not secure. A programming language can follow a philosophy but implementations never quite line up with the theory. We only use implementations of the theory and experience shows that implementations all have vulnerabilities.
I'm sorry if I misrepresented your post, but I feel you do the same to mine. I didn't say the JVM is insecure - I said the sandboxing part of the JVM is insecure and C++ doesn't have anything comparable.
True, and a malfunctioning sandbox is worse than useless.

People tend to base security on them. Google did in their AppEngine cloud, but they put a lot of engineering resources and defence-in-depth behind it.

> a malfunctioning sandbox is worse than useless

Are there any sandboxes in existence which are definitely not worse than useless?

seccomp is simple and useful, in both incarnations.