this post was submitted on 31 Aug 2023

Programming

[–] [email protected] 14 points 1 year ago (5 children)

There are languages designed with Capabilities in mind. Like, whatever starts the program gets to decide what functionality is exposed to the running program. It's great for situations where you might run untrusted code and want to, as an example, not allow network access, or filesystem access.

More generally there's also sandboxing techniques that runtimes provide. WebAssembly for instance is designed for programs to run in their own memory space with a restricted set of functions and, again, Capabilities. This might be nice if you ever work on a cloud application that allows users to upload their own programs and you want to impose limits on those programs. Think AWS Lambda, except the programs running wouldn't necessarily even have access to the filesystem or be able to make web requests unless the user configures that.

It might be a good design space for even more esoteric areas, like device drivers. Like, why worry if your GPU drivers are also collecting telemetry on your computer if you can just turn off that capability?

There's older applications of sandboxing that are a bit further from what you're asking as well; like, iframes on a webpage; allowing code served from different servers you don't necessarily control to run without needing to worry about them reading access tokens from local storage.

Or even BSD Jails and chroot.

Good question 💖

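The "whatever starts the program decides what is exposed" point above, as an added example that is not from the commenter: a tiny hand-assembled WebAssembly module that can only reach the outside world through an imported `env.net_send` function, instantiated by a JavaScript host that either grants that import (wrapped in an audit log) or withholds it, in which case instantiation fails with a LinkError and the untrusted code never runs at all. The module bytes, the `net_send` name and the host wrapper are all constructed for this example.

```javascript
// Constructed WebAssembly binary (hand-assembled for this example).
// It declares one import, env.net_send: (i32) -> i32, and exports
// run: () -> i32, whose whole body is "call net_send(42)".
const UNTRUSTED_MODULE = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // "\0asm", version 1
  0x01, 0x0a, 0x02,                                     // type section, 2 types
  0x60, 0x01, 0x7f, 0x01, 0x7f,                         //   type 0: (i32) -> i32
  0x60, 0x00, 0x01, 0x7f,                               //   type 1: () -> i32
  0x02, 0x10, 0x01,                                     // import section, 1 import
  0x03, 0x65, 0x6e, 0x76,                               //   module "env"
  0x08, 0x6e, 0x65, 0x74, 0x5f, 0x73, 0x65, 0x6e, 0x64, //   name "net_send"
  0x00, 0x00,                                           //   func of type 0
  0x03, 0x02, 0x01, 0x01,                               // function section: 1 func, type 1
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01, // export "run" = func index 1
  0x0a, 0x08, 0x01, 0x06,                               // code section, 1 body of 6 bytes
  0x00, 0x41, 0x2a, 0x10, 0x00, 0x0b,                   //   no locals; i32.const 42; call 0; end
]);

// The host is the only party that can hand the module a capability.
// `grants.network === false` simply leaves the import out: the module
// has no other way to obtain it, so linking fails before any code runs.
function runWithCapabilities(grants) {
  const audit = [];                      // host-side record of what the guest did
  const imports = { env: {} };
  if (grants.network) {
    imports.env.net_send = (n) => {      // granted capability, mediated by the host
      audit.push(`net_send(${n})`);
      return 0;                          // pretend the send succeeded
    };
  }
  let instance;
  try {
    instance = new WebAssembly.Instance(new WebAssembly.Module(UNTRUSTED_MODULE), imports);
  } catch (e) {
    const reason = e instanceof WebAssembly.LinkError ? "missing capability" : String(e);
    return { status: "refused", reason, audit };
  }
  const rc = instance.exports.run();     // guest runs only with what it was given
  return { status: "ran", rc, audit };
}

console.log(runWithCapabilities({ network: true }));   // ran, audit shows net_send(42)
console.log(runWithCapabilities({ network: false }));  // refused: missing capability
```
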
[–] atheken 1 points 1 year ago

I think Roc has some ideas like this.

On a sandboxing level, I suppose we’d be talking about Unikernels (which seem cool, but the tooling didn’t look simple enough to experiment with them).