nicce 3 days ago

What evidence is telling the opposite? Scripts use V8 isolation, identical to Chrome.
What comes to rest, we can only trust or review by ourselves, but it is certainly better than nothing in this context.

arbll 3 days ago

Identical to Chrome except the part where Chrome uses OS-level sandboxing on top. V8 exploits are common; Deno sandboxing by itself is not a good idea if you are executing arbitrary code.

nicce 3 days ago

We are comparing to a situation where the alternative is nothing. Maybe we just should remove locks from the doors because someone has lockpicked a door somewhere.

arbll 3 days ago

I never said it was a poor choice in this specific context but propagating the idea that Deno's sandboxing is safe and "basically the same security as Chrome" is wrong and can easily do damage the next time someone that has read this thread needs a way to execute untrusted JS.

nicce 3 days ago

Someone who understands what V8 isolation means knows that it means process-level memory and garbage collectors. I didn't claim that it includes Chrome's OS sandbox features too. But the usage of V8 means that Deno must explicitly provide the access (for V8) for networking and filesystem - the foundations for sandboxing are there.