macOS. Not much interested in VMs, for efficiency. Yeah I was playing with a sep... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		vemv on Aug 4, 2018 \| parent \| context \| favorite \| on: The default OpenSSH key encryption is worse than p... macOS. Not much interested in VMs, for efficiency. Yeah I was playing with a separate user account, could get some basics working but I wonder how far could I get with that. What are the bigger security risks for that approach? Assuming constrained file permissions, and that no secrets are in ENV (https://gist.github.com/telent/9742059 )

angry_octet on Aug 5, 2018 [–]

A normal user has full access to the kernel API. Always kernel info leaks, occasional easy exploits.

On macos you can use Apple's native sandboxing. See for example http://mybyways.com/blog/creating-a-macos-sandbox-to-run-kod...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact