General sandbox specs?
tal00r at ecs.soton.ac.uk
Fri Mar 12 22:44:19 EET 2004
On Fri, Mar 12, 2004 at 07:56:16PM +0100, Lars Hallberg wrote:
> I was kind of thinking, if the app is untrusted, you don't want it to
> drag stuff into the main cache. And also, remove the sandbox, and you have
> removed all dependencies the sandbox app has pulled in!
There might be a slight misunderstanding here... having untrusted stuff in
the cache is not a problem. It works a lot like a web cache (but more
persistent): if someone visits a dodgy (web) site it goes in the cache,
but no one else will see it unless they too try to access the same site.
So, if one user runs evil.com/hurtme it will be cached, but no other user
is any more or less likely to run it than they were before. It doesn't
automatically get placed into PATH or anything like that.
Now, you might want to try various interfaces to this. For example,
clicking on evil.com/hurtme in the filer could check that the site was in
the trusted list and confirm or refuse if not.
In fact, you'd probably have your filer pop up a dialog:
You have not run evil.com/hurtme before.
What do you want to do?
* Run it in a sandbox.
* Run it with full access to your files.
* Don't run it.
> Sorry, I was unclear here. I was so intrigued by the zero install
> concept. But this really applies to a 'mother' system running zero install,
> not at all to the sandbox itself.
Probably. The ultimate plan doesn't involve explicit sandboxes at all, but
runs everything in a sandbox environment of some kind.
> If I understand zero install right, if something already is in the cache,
> it is just run/loaded without any check.
> So once approved, it's available to everyone!
It's run without any check whether it's in the cache or not. Checks are
done by the application that provides the interface to run it. Having
something in the cache makes no difference to the interface at all, except
for speed (it's faster if already cached). But users don't see things as
"cached" or "uncached"; everything appears available at all times (like
with web pages).
Thomas Leonard http://rox.sourceforge.net
tal00r at ecs.soton.ac.uk tal197 at users.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1