Commit Graph

10 Commits

Author SHA1 Message Date
Kartik K. Agaram
e4c0b0a3e7 sandbox: more scenarios 2021-12-25 16:16:52 -08:00
Kartik K. Agaram
ee66da41f5 sandbox: new scenario 2021-12-25 14:36:56 -08:00
Kartik K. Agaram
399fb500f4 more sandboxing scenarios 2021-12-25 14:00:03 -08:00
Kartik K. Agaram
02d05d61c7 back to sandboxing; focus on files and sockets 2021-12-25 11:39:56 -08:00
Kartik K. Agaram
917646fc9f sandbox: no popen
Again, too difficult to sandbox for now.
2021-12-25 11:04:23 -08:00
Kartik K. Agaram
76677dbd6f sandbox: UX 2021-12-25 09:05:32 -08:00
Kartik K. Agaram
46d4438cc4 sandbox: another scenario, some UX ideas
I'd originally thought of allowing policies to be influenced by
arbitrary code. But that may be overkill:
  - it's probably not a good idea to allow policies to read/write from file system
  - it's even less a good idea to allow policies to access the network
    - particularly since it's difficult (error-prone) to distinguish GET/POST in arbitrary protocols
  - once you allow file system and network, you're pretty close to owned

So let's first focus on the simplest policy, the one that is easiest to
secure. We'll add capabilities to policies as we gain confidence we can
secure them.
2021-12-25 08:59:46 -08:00
Kartik K. Agaram
732903fc18 sandbox: record scenarios I've thought of so far 2021-12-25 08:49:52 -08:00
Kartik K. Agaram
3964dd5f57 . 2021-12-25 07:34:51 -08:00
Kartik K. Agaram
e2846d9a55 stop futzing around and start sandboxing 2021-12-24 10:39:06 -08:00