
In the end I think the solution to these issues will be something like what's promised by the Bytecode Alliance[0]. The idea is you give each package its own WASM sandbox with granular control over its permissions.

That solution also has the benefit of allowing you to call a package from any language from your language of choice.

I highly recommend reading their article introducing the idea; it's very convincing:

[0] https://bytecodealliance.org/articles/announcing-the-bytecod...




I agree with this. They don’t mention this explicitly in the article, but it has a capability-based security model, which is something I think we desperately need in our OSes. (They do link to a paper about it that mentions this.)

There are a few other such systems that look interesting; Agoric is working on one for JavaScript, Google has a kernel patch set that adds capability support to Linux, and Christopher Lemmer Webber is working on a similar system on top of Racket called Spritely Goblins. I’m excited about all of them though, because it feels like this kind of security model is starting to gain public awareness!


There is also https://xtclang.blogspot.com/

Java has started going down this route with the new module system and Lookup objects; however, this is mainly for restricted field/method/constructor access. I do hope we will see something similar for File and Network I/O (random memory access is less of an issue in Java).

I do think we are going to see a lot more of this in the future.


Hear, hear on capability systems, but they seem of limited use confined to specific language implementations, as opposed to the whole system. I wonder what's the Google kernel patch, and how it compares with Capsicum. It's rather tragic to gain public awareness so long after KeyKOS et al...


The kernel patchset I was referring to is https://github.com/google/capsicum-linux - it's a Linux version of Capsicum. Though now that I look at it more closely, it appears to no longer be maintained. :(

That said, the Bytecode Alliance stuff appears to be multi-language, so that's neat! I could see that making WASM runtimes pretty useful even outside the web.



