Bender 7 hours ago
As someone that does this, it's Turtles All The Way Down [1]. Every layer has escapes. I require people to climb up multiple turtles thus breaking most skiddie [2] scripts. Attacks will have to be targeted and custom crafted by people that can actually code thus reducing the amount of turds in the swimming pool I must avoid. People should not write apps that make assumptions around accessing sensitive files.

[1] - https://en.wikipedia.org/wiki/Turtles_all_the_way_down
bjackman 4 hours ago

It's turtles all the way down but there is a VERY big gap between VM Isolation Turtle and <a half-arse seccomp policy> turtle. It's a qualitative difference between those two sandboxes. (If the VM is remote, even more so).