

Applying sandbox around Safari with a single click - nirmal
http://wishinet.blogspot.com/2009/03/applying-sandbox-exec-around-safari.html

======
blasdel
The Sandbox Policy language is parsed by sandbox-compilerd, which embeds
TinyScheme, and is sandboxed metacircularly.

------
verdant
This would seem to address some of the concerns about Safari that are being
discussed alongside the recent Black Hat conference. It was mentioned earlier
that Chrome had been the only browser not to fall due to the sandbox method of
thinking. Seeing as Chrome is based on WebKit, it is basically "Safari in a
sandbox".

~~~
verdant
Edit: My mistake - I wrote Black Hat, but it was actually Pwn2Own. Sorry for
any confusion.

------
sant0sk1
This is a security non-starter until Apple enables the sandboxing by default
on all systems. Average users just flat out won't do this. They won't even
know about it.

~~~
nirmal
Yes, but I think it's safe to assume that HN readers are not average users. We
can spread the word of safety :).

