Comment by crabmusket 20 hours ago
Seeing the example code made me wonder if this would allow introducing capability-based security. E.g. passing an `io` instance to a library which can only read a subtree of the filesystem.
Edit: not quite https://news.ycombinator.com/item?id=44549430
Only if you are sure all the code uses the IO instance. If you mean language-level sandboxing of untrusted code, then no: Zig code can always call syscalls directly. But you can compile Zig to wasm, which will give you capability-based security.