Comment by Groxx

3 days ago

And tons won't be part of e.g. root, or dialout (to pick one I've had to deal with a lot lately), or many other more-privileged-than-default groups, yes. That's a permissions system working as intended.

Besides. They said "all software on your machine". That is trivially false, to a significant degree.

3 comments

Groxx

Reply
ImPostingOnHN  2 days ago

I was pointing out that the claim that "literally a majority of all software on your computer" runs sandboxed is also trivially false, to a significant degree

  • Groxx  2 days ago

    A majority have more access controls than obsidian plugins, yes. I think that's fairly safe to say, given that new system installs often have hundreds of processes already running.

    Sandboxing, at least in the sense of easily configurable access with default deny on most even somewhat sensitive things: agreed, sandboxing is fairly uncommon in general, definitely not a majority on most systems. When ignoring the elephant in the room: mobile OSes.

    • ImPostingOnHN  2 days ago

      > A majority have more access controls than obsidian plugins, yes

      A majority run as me, a minority run with root privileges.

      > I think that's fairly safe to say, given that new system installs often have hundreds of processes already running.

      Precisely! Those hundreds of pre installed processes are running without sandboxing, or any access control beyond what Obsidian has.

      For example, did you know you can just `ls` a directory, or `cat` a file, and both of those applications will run with full, unsandboxed, unrestricted access as you? And there are countless preinstalled applications just like those.