Comment by viraptor
14 hours ago
Ridden? There are issues from time to time, but it's not like you can grab the latest, patched Ubuntu LTS and escalate from an unprivileged seccomp sandbox that doesn't include crazy device files.
14 hours ago
Ridden? There are issues from time to time, but it's not like you can grab the latest, patched Ubuntu LTS and escalate from an unprivileged seccomp sandbox that doesn't include crazy device files.
Any sandbox technology works fine until it isn't. It's not like you could escape Java sandbox, but Java applets were removed from the browsers due to issues being found regularly. In the end, browser sandbox is one of the few that billions of people use and run arbitrary code there every day, without even understanding that. The only comparable technology is qemu. I don't think there are many hosters who will hand off user account to a shared server and let you go wild there.
> Any sandbox technology works fine until it isn't.
Tautology is tautology.
> but Java applets were removed from the browsers
Java applets provided more scope compared to the browser itself, not less. They're not really comparable to seccomp or namespaces.
> hosters who will hand off user account to a shared server
There's lots of CI or function runners that expose docker-like environments.
> Java applets provided more scope compared to the browser itself, not less. They're not really comparable to seccomp or namespaces.
They are comparable because they provided a restricted sandbox to execute untrusted code.
> There's lots of CI or function runners that expose docker-like environments.
These are running inside VMs.
> Java applets were removed from the browsers due to issues being found regularly
Java applets were killed off my MS's attempt at "embrace, extent, extinguish" by bundling an incompatible version of Java with IE, and Sun's legal response to this.
They never worked nice and always felt slow, unreliable and janky at the time. It’s easy to blame MS but no one was sad to see the back of them.
1 reply →
No, Microsoft has nothing to do with it. Browsers are controlled by Google and Mozilla and they decided to block Java plugin.
The Linux API surface is massive. And the fact it's written on C leaves lots of room for vulnerabilities. I don't think you need to reach for a VM, but without a slimmer kernel interface, it's difficult to trust the kernel to actually uphold its required duties in the face of adversaries. This is why folks push heavily for microkernels. Chrome needs to work incredibly hard to provide reliable sandboxing as a result.