From ee66da41f53e1d23ff83cbca93fc10e8eee34945 Mon Sep 17 00:00:00 2001
From: "Kartik K. Agaram" <vc@akkartik.com>
Date: Sat, 25 Dec 2021 14:36:56 -0800
Subject: sandbox: new scenario

---
 sandboxing/README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sandboxing/README.md b/sandboxing/README.md
index ab3adf3..f73059c 100644
--- a/sandboxing/README.md
+++ b/sandboxing/README.md
@@ -44,6 +44,10 @@ Scenarios:
       allows an app to do anything. Educate people to separate apps that read
       sensitive data from apps that access remote servers.
     - (2) solution: map phases within an app to distinct permission sets
+  * app A legitimately needs to read sensitive data. It saves a copy to file
+    X. app B seems to legitimately needs to access the network, but also
+    asks to read file X. If the owner forgets who wrote file X and what it
+    contains, sensitive data could be exfiltrated.
   * (3) app wants access to system() or exec() or popen()
 
 Difficulty levels
-- 
cgit 1.4.1-2-gfad0

' value='switch'/></form></td></tr>
<tr><td class='sub'>Soul of a tiny new machine. More thorough tests → More comprehensible and rewrite-friendly software → More resilient society.</td><td class='sub right'>Kartik K. Agaram &lt;vc@akkartik.com&gt;</td></tr></table>
<table class='tabs'><tr><td>
<a href='/akkartik/mu/about/?h=hlt'>about</a> <a href='/akkartik/mu/?h=hlt'>summary</a> <a href='/akkartik/mu/refs/?h=hlt&amp;id=857ba192061823823b93675ea21739ffa3e09509'>refs</a> <a href='/akkartik/mu/log/http-client.mu?h=hlt'>log</a> <a class='active' href='/akkartik/mu/tree/http-client.mu?h=hlt&amp;id=857ba192061823823b93675ea21739ffa3e09509'>tree</a> <a href='/akkartik/mu/commit/http-client.mu?h=hlt&amp;id=857ba192061823823b93675ea21739ffa3e09509'>commit</a> <a href='/akkartik/mu/diff/http-client.mu?h=hlt&amp;id=857ba192061823823b93675ea21739ffa3e09509'>diff</a> <a href='/akkartik/mu/stats/http-client.mu?h=hlt'>stats</a></td><td class='form'><form class='right' method='get' action='/akkartik/mu/log/http-client.mu'>
<input type='hidden' name='h' value='hlt'/><input type='hidden' name='id' value='857ba192061823823b93675ea21739ffa3e09509'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/akkartik/mu/tree/?h=hlt&amp;id=857ba192061823823b93675ea21739ffa3e09509'>root</a>/<a href='/akkartik/mu/tree/http-client.mu?h=hlt&amp;id=857ba192061823823b93675ea21739ffa3e09509'>http-client.mu</a></div><div class='content'>blob: 8f04c2bc117de677e7a91ab66485c513d738e90a (<a href='/akkartik/mu/plain/http-client.mu?h=hlt&amp;id=857ba192061823823b93675ea21739ffa3e09509'>plain</a>) (<a href='/akkartik/mu/blame/http-client.mu?h=hlt&amp;id=857ba192061823823b93675ea21739ffa3e09509'>blame</a>)
<table summary='blob content' class='blob'>
<tr><td class='linenumbers'><pre><a id='n1' href='#n1'>1</a>
<a id='n2' href='#n2'>2</a>
<a id='n3' href='#n3'>3</a>
<a id='n4' href='#n4'>4</a>
<a id='n5' href='#n5'>5</a>
<a id='n6' href='#n6'>6</a>
<a id='n7' href='#n7'>7</a>
<a id='n8' href='#n8'>8</a>
<a id='n9' href='#n9'>9</a>
<a id='n10' href='#n10'>10</a>
<a id='n11' href='#n11'>11</a>
<a id='n12' href='#n12'>12</a>
<a id='n13' href='#n13'>13</a>
<a id='n14' href='#n14'>14</a>
<a id='n15' href='#n15'>15</a>
<a id='n16' href='#n16'>16</a>
<a id='n17' href='#n17'>17</a>
<a id='n18' href='#n18'>18</a>
<a id='n19' href='#n19'>19</a>
<a id='n20' href='#n20'>20</a>
<a id='n21' href='#n21'>21</a>
<a id='n22' href='#n22'>22</a>
<a id='n23' href='#n23'>23</a>
<a id='n24' href='#n24'>24</a>
<a id='n25' href='#n25'>25</a>
<a id='n26' href='#n26'>26</a>
<a id='n27' href='#n27'>27</a>
<a id='n28' href='#n28'>28</a>
<a id='n29' href='#n29'>29</a>
</pre></td>
<td class='lines'><pre><code>