From ee66da41f53e1d23ff83cbca93fc10e8eee34945 Mon Sep 17 00:00:00 2001
From: "Kartik K. Agaram" <vc@akkartik.com>
Date: Sat, 25 Dec 2021 14:36:56 -0800
Subject: sandbox: new scenario

---
 sandboxing/README.md | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sandboxing/README.md')

diff --git a/sandboxing/README.md b/sandboxing/README.md
index ab3adf3..f73059c 100644
--- a/sandboxing/README.md
+++ b/sandboxing/README.md
@@ -44,6 +44,10 @@ Scenarios:
       allows an app to do anything. Educate people to separate apps that read
       sensitive data from apps that access remote servers.
     - (2) solution: map phases within an app to distinct permission sets
+  * app A legitimately needs to read sensitive data. It saves a copy to file
+    X. app B seems to legitimately needs to access the network, but also
+    asks to read file X. If the owner forgets who wrote file X and what it
+    contains, sensitive data could be exfiltrated.
   * (3) app wants access to system() or exec() or popen()
 
 Difficulty levels
-- 
cgit 1.4.1-2-gfad0