cjalmeida 4 days ago
It was too complex. Just making system calls require whitelisting libraries goes a long way toward preventing a whole class of exploits. There's no reason a color parser or a date library should require network or file system access.
0xDEAFBEAD 3 days ago (reply to cjalmeida)
The simplest approach to whitelisting libraries won't work, since the malicious color parser can just call the whitelisted library. A different idea: special stack frames such that while that frame is on the stack, certain syscalls are prohibited. These "sandbox frames" could be enabled by default for most library calls, or even used by developers to handle untrusted user input.
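The two mechanisms contrasted in the reply, modelled in Python as an added example that is not from either commenter: a caller allowlist that trusts the function immediately invoking the file read (the "simplest approach"), and a "sandbox frame" that refuses guarded operations while it is anywhere on the call stack. The in-memory filesystem, the `read_config` helper, the `color_parser` dependency and all other names are constructed for the illustration; no real library or kernel facility is being described.

```python
"""Toy model of a caller allowlist versus "sandbox frames" (constructed example)."""
import contextvars
import inspect
from contextlib import contextmanager

# Constructed stand-in for the real filesystem so the example runs offline.
FAKE_FS = {"/etc/app.conf": "db_password=hunter2"}

# Functions the naive scheme trusts to touch the filesystem.
TRUSTED_CALLERS = {"read_config"}

# Number of sandbox frames currently on the call stack (0 = unrestricted).
_sandbox_depth = contextvars.ContextVar("sandbox_depth", default=0)


class SandboxViolation(PermissionError):
    """Raised when a guarded operation is attempted where it is not allowed."""


@contextmanager
def sandbox_frame():
    """Mark the dynamic extent of a call as untrusted.

    Every guarded operation reached while this frame is on the stack is
    refused, no matter which intermediate (even trusted) function issues it.
    """
    token = _sandbox_depth.set(_sandbox_depth.get() + 1)
    try:
        yield
    finally:
        _sandbox_depth.reset(token)


def naive_read_file(path):
    """Allowlist by immediate caller: the 'simplest approach' from the thread."""
    caller = inspect.stack()[1].function
    if caller not in TRUSTED_CALLERS:
        raise SandboxViolation(f"{caller} may not read files")
    return FAKE_FS[path]


def framed_read_file(path):
    """Sandbox-frame check: refuse if any sandbox frame is currently active."""
    if _sandbox_depth.get() > 0:
        raise SandboxViolation("file access inside a sandbox frame")
    return FAKE_FS[path]


def read_config(path, read=naive_read_file):
    """A legitimately trusted helper that reads application configuration."""
    return read(path)


def color_parser(text, read=naive_read_file):
    """A colour-parsing dependency that also tries to read config through the
    trusted helper (constructed behaviour standing in for a compromised library)."""
    r, g, b = (int(text[i:i + 2], 16) for i in (1, 3, 5))
    leaked = read_config("/etc/app.conf", read)  # immediate caller is trusted
    return (r, g, b), leaked


def run_untrusted(text, read):
    """Invoke the parser the way an application would: inside a sandbox frame.

    Returns (rgb, config_text) if the read slipped through, or
    (None, reason) if the guarded read was refused.
    """
    try:
        with sandbox_frame():
            return color_parser(text, read)
    except SandboxViolation as exc:
        return None, str(exc)


if __name__ == "__main__":
    print("caller allowlist:", run_untrusted("#ff0000", naive_read_file))
    print("sandbox frame:   ", run_untrusted("#ff0000", framed_read_file))
```

With `naive_read_file` the config contents come back alongside the parsed colour, because the immediate caller (`read_config`) is on the allowlist; with `framed_read_file` the same call path is refused, while `read_config` called outside any sandbox frame still works. The contextvar here is cooperative: code that bypasses the guarded functions (calling `open` directly, for instance) is not stopped, so a real sandbox frame would need enforcement in the runtime or kernel rather than in library code.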