> There are dozens of projects like this emerging right now. They all share the same challenge: establishing credibility.
replyCare to elaborate on the kind of "credibility" to be established here? All these bazillion sandboxing tools use the same underlying frameworks for isolation (e.g., ebpf, landlock, VMs, cgroups, namespaces) that are already credible.
The problem is that those underlying frameworks can very easily be misconfigured. I need to know that the higher level sandboxing tools were written by people with a deep understanding of the primitives that they are building on, and a very robust approach to testing that their assumptions hold and they don't have any bugs in their layer that affect the security of the overall system.
replyMost people are building on top of Apple's sandbox-exec which is itself almost entirely undocumented!
> The problem is that those underlying frameworks can very easily be misconfigured.
replyAgreed. I'm sure a number of these sandboxing solutions are vibe-coded, which makes your concerns regarding misconfigurations even more relevant.
Simon! Thanks. I appreciate your comment and totally agreed. I will improve the docs as well as tests.
reply