dz...@disroot.org writes:
> June 15, 2021 7:32 PM, "Claudio Jeker" <cje...@diehard.n-r-g.com> wrote: >>> [...] It's on the official domain, so I've assumed that it was a >>> trustworthy source - I guess not? Did a hacker put it there? >> You are just trolling around. > Sorry, I was just a bit salty because of that "paper" about sandboxes. > The main point of my original post was to: > 1. show the issue (and find out if it's even an issue) > 2. find out why it's that way - since OpenBSD is a security-oriented OS, > I've wrongly assumed that there would be some documents explaining every > decision. I've been very interested in stuff related to OS security, > so I thought that it would be pretty interesting. > > However, the first email I've opened contained two links - one to > a paywalled document, the second to that kids' sandbox bullshit. > Then I've read Theo's insightful point about sandboxes being for kids. > Go figure. The first link was to the paper: "A systematic analysis of the science of sandboxing" Maass, et.al. (2016). PeerJ Computer Science 2:e43 It is most certainly not paywalled. Maybe you can try this one? https://peerj.com/articles/cs-43/ I still recommend you read it if you're going to approach folks with suggestions of building "sandboxes" as you did. An excerpt from the abstract: "We systematically analyze a decade of sandbox research from five top-tier security and systems conferences using qualitative content analysis, statistical clustering, and graph-based metrics to answer these questions and more. We find that the term 'sandbox' currently has no widely accepted or acceptable definition." Five years later and I'd reckon the same conclusions hold. -dv
