Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | sandbox: more scenarios | Kartik K. Agaram | 2021-12-25 | 1 | -0/+5 |
| | |||||
* | sandbox: new scenario | Kartik K. Agaram | 2021-12-25 | 1 | -0/+4 |
| | |||||
* | more sandboxing scenarios | Kartik K. Agaram | 2021-12-25 | 1 | -0/+9 |
| | |||||
* | back to sandboxing; focus on files and sockets | Kartik K. Agaram | 2021-12-25 | 1 | -0/+2 |
| | |||||
* | sandbox: no popen | Kartik K. Agaram | 2021-12-25 | 1 | -1/+1 |
| | | | | Again, too difficult to sandbox for now. | ||||
* | sandbox: UX | Kartik K. Agaram | 2021-12-25 | 1 | -1/+3 |
| | |||||
* | sandbox: another scenario, some UX ideas | Kartik K. Agaram | 2021-12-25 | 1 | -0/+8 |
| | | | | | | | | | | | | | I'd originally thought of allowing policies to be influenced by arbitrary code. But that may be overkill: - it's probably not a good idea to allow policies to read/write from file system - it's even less a good idea to allow policies to access the network - particularly since it's difficult (error-prone) to distinguish GET/POST in arbitrary protocols - once you allow file system and network, you're pretty close to owned So let's first focus on the simplest policy, the one that is easiest to secure. We'll add capabilities to policies as we gain confidence we can secure them. | ||||
* | sandbox: record scenarios I've thought of so far | Kartik K. Agaram | 2021-12-25 | 1 | -4/+24 |
| | |||||
* | . | Kartik K. Agaram | 2021-12-25 | 1 | -2/+2 |
| | |||||
* | stop futzing around and start sandboxing | Kartik K. Agaram | 2021-12-24 | 4 | -0/+937 |