
While most computers are personal computers, which have a single real human user, you still have to run a lot of untrusted programs, like Internet browsers or whatever programs you might download from dubious sources.

While perhaps the term "user" is no longer the best, there is a need even more than before to run programs with limited rights, corresponding to the rights of some pseudo-users, which should not be able to access or modify anything belonging to the real human user, unless a special permission is granted.




Android works like this. It's Linux-based and runs every app as its own user. On top of that it adds SELinux and many other isolation strategies.

https://source.android.com/docs/security/app-sandbox
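The two comments above describe the same model: each untrusted program runs under its own pseudo-user, and the real user's data must be unreadable to that uid. The following is an added example, not code from the thread or from Android. It assumes Linux, a pre-created unprivileged account whose uid/gid the caller passes in, and root privileges for the demotion step; the permission audit needs no privileges and is the part a practitioner would actually run after adopting this model, because a separate uid isolates nothing if the human user's files carry group/other permission bits.

```python
"""Run an untrusted program as a dedicated pseudo-user and audit whether the
real user's files would be exposed to it.

Added example (not from the thread). Assumes Linux, an existing unprivileged
account (uid/gid supplied by the caller) and root for run_as_pseudo_user.
"""
import os
import stat
import subprocess
from typing import Callable, List, Tuple


def demote(uid: int, gid: int) -> Callable[[], None]:
    """Return a preexec hook that drops to uid/gid before exec.

    Order matters: supplementary groups first, then gid, then uid, because
    once the uid is unprivileged the other two calls would fail.
    """
    def _drop() -> None:
        os.setgroups([])
        os.setgid(gid)
        os.setuid(uid)
    return _drop


def run_as_pseudo_user(cmd: List[str], uid: int, gid: int, workdir: str) -> int:
    """Run cmd as the given pseudo-user (caller must be root: assumption).

    The child gets a minimal environment and its own working directory so it
    does not inherit the real user's HOME or PATH.
    """
    env = {"PATH": "/usr/bin:/bin", "HOME": workdir}
    proc = subprocess.run(cmd, preexec_fn=demote(uid, gid), cwd=workdir, env=env)
    return proc.returncode


def exposed_paths(root: str) -> List[Tuple[str, str]]:
    """List entries under root that a *different* uid could read or write.

    Symlinks are skipped (their own mode bits are meaningless); the target is
    judged when the walk reaches it through a real path.
    """
    findings: List[Tuple[str, str]] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by others"))
            elif mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((path, "readable by others"))
    return findings


def is_isolated(home: str) -> bool:
    """True when nothing under home is reachable by another uid."""
    return not exposed_paths(home)


if __name__ == "__main__":
    # Constructed demo: audit the current home directory.
    for path, why in exposed_paths(os.path.expanduser("~")):
        print(f"{why}: {path}")
```

Running `exposed_paths` on a typical home directory is usually sobering: distribution defaults such as 0o644 on new files mean the "every program is its own user" model only bites once the human user's home has been tightened to 0o700 (or a per-program data directory is used, as Android does).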


So, basically all my sandbox concerns go away if I run as root and every browser runs as its own user



