
Much like "security," I think of "sandboxing" as "defense against what"? Because on one end of the spectrum is "system prints hello world, exits" and the other is emulated ... everything, virtual filesystem, virtual network, etc., as one might find in a capture-the-flag scenario.

So, I guess the rest of the owl is: what, if you had a magic wand, would you use such a system to run user-submitted code to do?




It's integration code, for third party services. Both read and write.

So by nature you need to access the internet, but not the local network, and you need some file system access, but not much.

We also pay for CPU cycles, so preventing bitcoin mining is another one.

Basically do anything, but access our internal services, siphon out data in transit, mine bitcoin.

(Also before people say sandboxing won't solve all of this. I know. :P )



