Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Smart users don't like installing every little thing they want to try and giving them all full unsandboxed access to their computer.

On the desktop, the easiest way to run an app in a sandbox is if it's a web app that runs in the browser's sandbox to begin with.



As long as we're trending towards web-apps having native apps' functionality then that distinction will soon be meaningless. Native apps are already sandboxed in various ways. Process integrity levels, VM protection, low privileged execution, call gating, ACLs, MAC, etc etc. All these technologies already exist and are already being used in various ways. Any systems level programmer should already be aware of those.

The browser is fast becoming the "OS" and most browsers are several order of magnitudes more bloated than mainstream kernels, not to mention horrendously insecure - if we're worried about security, then browser vendors are the last people I would trust for anything important.


Unless you're running a very unusual OS setup, any native app by default has read and write access to all of your files without asking.

I feel pretty comfortable assuming that www.randomwebapp.com isn't reading and uploading my ~/.ssh and ~/.gpg, otherwise I'd be terrified of using the web at all.


>Unless you're running a very unusual OS setup, any native app by default has read and write access to all of your files without asking.

That's partially true. By default, it cannot access any system files, or change any system settings without admin privileges. Admin access is also required to authorize a firewall exception if it wants to use the network. And you have the choice to arbitrarily restrict a software's read/write access to locations of your choosing. You might call that unusual, but such restrictions are common in managed environments.

>I feel pretty comfortable assuming that www.randomwebapp.com isn't reading and uploading my ~/.ssh and ~/.gpg, otherwise I'd be terrified of using the web at all.

Your comfort is misplaced. There are FAR more browser vulnerabilities (including chrome, firefox) allowing code execution than there are OS kernel and CPU vulnerabilities allowing you to break out of the native apps' sandbox.


Wait, what native app sandbox are you talking about? Any executable I run has access to my files, and that's how it works on every OS I've ever used.

I am too trusting of browser security though, you're right about that...


There are tons of sandbox type features in most modern OSs to prevent apps from interfering with each other. For e.g..

1) Virtual memory protection (can't access other app's memory)

2) Protection rings (safe transfer from UM to KM for system calls)

3) User interface isolation (one process can't interact with another's UI)

4) I/O privilege levels (prevents one rogue app from causing I/O starvation)

5) Process Integrity Levels. You can run apps under your own identity (be it super user or admin or regular user) but assign them reduced permissions as far as accessing data goes. You can run at-risk apps this way so that they can run without having access to any of your data.

6) You can restrict access to various other things in addition to the data using ACLs (network, device drivers, etc).

7) ABI level isolation using user mode kernels ("Library OSs").


Yes and these protections are only used to their full potential on something like iOS. On Windows, macOS, and Linux these are not used to defend your data or system out-of-the-box like they are in a browser.

A massive wall with an open gate isn't much of a wall.


Actually, browsers use these very same techniques to make web-apps more secure !!


Depends. On Windows? Sure, I freaking hate installing software on Windows. On Mac or Linux? Meh, not an issue for me.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: