about summary refs log tree commit diff stats
path: root/sandboxing
Commit message (Collapse)AuthorAgeFilesLines
* sandbox: more scenariosKartik K. Agaram2021-12-251-0/+5
|
* sandbox: new scenarioKartik K. Agaram2021-12-251-0/+4
|
* more sandboxing scenariosKartik K. Agaram2021-12-251-0/+9
|
* back to sandboxing; focus on files and socketsKartik K. Agaram2021-12-251-0/+2
|
* sandbox: no popenKartik K. Agaram2021-12-251-1/+1
| | | | Again, too difficult to sandbox for now.
* sandbox: UXKartik K. Agaram2021-12-251-1/+3
|
* sandbox: another scenario, some UX ideasKartik K. Agaram2021-12-251-0/+8
| | | | | | | | | | | | | I'd originally thought of allowing policies to be influenced by arbitrary code. But that may be overkill: - it's probably not a good idea to allow policies to read/write from file system - it's even less a good idea to allow policies to access the network - particularly since it's difficult (error-prone) to distinguish GET/POST in arbitrary protocols - once you allow file system and network, you're pretty close to owned So let's first focus on the simplest policy, the one that is easiest to secure. We'll add capabilities to policies as we gain confidence we can secure them.
* sandbox: record scenarios I've thought of so farKartik K. Agaram2021-12-251-4/+24
|
* .Kartik K. Agaram2021-12-251-2/+2
|
* stop futzing around and start sandboxingKartik K. Agaram2021-12-244-0/+937