Comment by nextos

1 month ago

Capability-based security via sandboxing is not that hard to overlay.

Firejail provides a very usable implementation with default profiles for lots of programs.

I've been using this since the PyTorch exploit [1].

Most programs don't need access to large parts of your filesystem or network.

[1] https://pytorch.org/blog/compromised-nightly-dependency
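As an added illustration of the point about most programs not needing the filesystem or network (not code from the thread or from the Firejail/bwrap projects), here is a bubblewrap invocation that gives a Python script a read-only base system plus one writable project directory, with networking removed unless explicitly opted in. The project path, script name and the SANDBOX_NET variable are assumptions for the example.

```shell
#!/bin/sh
# Added example: build a bwrap (bubblewrap) command line that confines a
# command to a read-only /usr, a private /tmp and /dev, and exactly one
# writable project directory.  Network access is cut off by default; set
# SANDBOX_NET=1 to keep it (e.g. for a one-off package install).

# sandbox_cmd PROJECT_DIR COMMAND [ARGS...]
# Prints the assembled bwrap command line on one line (so it can be reviewed
# or eval'd by the caller) rather than executing it directly.
sandbox_cmd() {
    project="$1"; shift

    # --unshare-all drops user, IPC, PID, UTS, cgroup and network namespaces.
    # --share-net re-attaches the network namespace when explicitly requested.
    if [ "${SANDBOX_NET:-0}" = 1 ]; then
        net_flags="--unshare-all --share-net"
    else
        net_flags="--unshare-all"
    fi

    printf '%s ' bwrap \
        --ro-bind /usr /usr \
        --symlink usr/lib /lib \
        --symlink usr/lib64 /lib64 \
        --symlink usr/bin /bin \
        --ro-bind /etc/ld.so.cache /etc/ld.so.cache \
        --ro-bind /etc/resolv.conf /etc/resolv.conf \
        --proc /proc \
        --dev /dev \
        --tmpfs /tmp \
        $net_flags \
        --die-with-parent \
        --new-session \
        --bind "$project" "$project" \
        --chdir "$project" \
        -- "$@"
    printf '\n'
}

# Assumed usage: confine a training script to its own project directory.
sandbox_cmd "$HOME/projects/torch-experiment" python3 train.py
```

Everything outside /usr and the project directory is simply absent inside the sandbox, so a compromised dependency cannot read ~/.ssh or phone home unless SANDBOX_NET=1 was set for that run.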

In my experience, most sandboxing systems seem to be deficient in many ways. (It would be possible to improve them (I don't know what changes might be required in the kernel; although some things might be possible with ptrace, that would make it difficult and possibly inefficient and/or unportable), although making an entirely new computer design would improve the security more than that.)

  • I think it's a compromise. Personally, I believe something like Firejail or bwrap can make your system much more secure while introducing minimal inconveniences.

    Other things to consider are a userspace firewall and securing Xorg, which is kinda tough at the minute unless you migrate to Wayland.

    The Unix security model is outdated, and we should be at the very least upgrading to something like that.