The way iOS and Fuchsia are dealing with the problem is to completely lock down the operating system with a tight permissions system. An app can be compromised but the damage is limited. Perhaps it is time for servers to move to a similar model.
You mean cgroups or zones, don't you? Docker was (last time I heard) a security disaster, not generating robust layer hashes, lacking user isolation, and plenty just running as root...
> An app can be compromised but the damage is limited
AKA the "we don't care" security model. What exact use is the fact that the web browser is "contained" if it is compromised? The mail client? Your PIM program? On a server, what use is that the database engine is contained if it is compromised?
I am the first to accept the security benefits of sandboxing, but it is just _one_ thing. It doesn't even help against the majority of issues. Not even on Android/iOS.