Comment by codethief 3 days ago

> Genode is based on a recursive system structure. Each program runs in a dedicated sandbox and gets granted only those access rights and resources that are needed for its specific purpose. Programs can create and manage sub-sandboxes out of their own resources, thereby forming hierarchies where policies can be applied at each level.

Damn, I've been hoping someone would create something like this for quite some time!

samus 3 days ago

The difficulty is the same as for current sandboxing efforts on desktop Linux though: most existing applications assume unrestricted access to user data. They have to be adapted or have to be granted unrestricted access. Otherwise users will simply not be willing/able to use the machine in secure ways.

The technology has been there for decades, but is applicable to a greenfield setting only.

  • codethief 2 days ago

    > The difficulty is the same as for current sandboxing efforts on desktop Linux though

    You're right, that is a problem. However, the situation on Linux is even worse since you can't even nest sandboxes/containers in most real-world situations.