sandbox != capability access control
Posted May 19, 2006 3:40 UTC (Fri) by zooko
In reply to: sandbox != capability access control
Parent article: .desktop files and security
Perhaps Alan Karp did use that terminology. Indeed, the first sentence of http://plash.beasts.org says "Plash is a system for sandboxing GNU/Linux programs.".
However, Plash (and Polaris) are doing something new that the Java sandbox paradigm did not do, namely dynamically extending the privileges available to the constrained code by observing what actions the user is asking the constrained code to perform.
We ought to use different terminology in order to make it clear to people that Plash and Polaris are not merely another attempt at implementing the failed Java sandbox paradigm. I've already made this suggestion in private e-mail to Mark Seaborn (of Plash). Now I'll make the same suggestion to Alan Karp.
to post comments)