pizlonator a day ago
I think Rust is great for sandboxing because of how Rust has basically no runtime. This is one of the nice things about Rust! Go has the same problems I’m describing in my post. Maybe those folks haven’t done the work to make the Go runtime safe for sandboxing, like what I did for Fil-C.
loeg a day ago
Sure, but even just setuiding to a restrictive uid or chrooting would go a long way, even in a managed runtime language where syscall restrictions are more challenging.