
Why not sandbox it?

Posted Jun 14, 2007 5:51 UTC (Thu) by eru (subscriber, #2753)
Parent article: BadBunny? Only if you invite it in

I don't buy this idea that an office suite must have a fully virus-capable macro language to be competitive. It would not limit much the useful capabilities of the language if it operated by default in a sandbox, where it cannot access anything outside the document currently being worked on without asking the user for permission with a dialog box that makes clear the request comes from a potentially dangerous macro. Some capabilities should be forbidden totally, like starting programs, or creating or modifying executable files.

By the way, a MS Office-style "security setting" of asking the user permission before running macros in a document is totally useless. In corporations, many documents are based on templates with macros, so you would get the silly question every time unless you turn the check off. Far better to ask permission for a possibly dangerous access, not merely starting a macro.


capabilities

Posted Jun 14, 2007 6:31 UTC (Thu) by zooko (subscriber, #2589)

Hopefully someday such macros will be run with capability-based access control. That would prevent the code from exercising authority that was not granted to it, as well as allowing it to exercise authority that was granted to it. A user interface such as CapDesk, Polaris, or Plash would allow the user to grant authorities *without* pop-up dialog boxes, thus improving on both the security and the ease-of-use of current access control paradigms.
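The policy sketched in both comments (a macro holds authority over its own document only, every access outside it is a separate per-action question to the user, and starting programs or writing executables is not grantable at all) as an added Python model; it is not code from either commenter or from any office suite, and the macro name, file paths, executable-suffix list and `ask_user` dialog hook are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):
    ALLOWED = "allowed"      # inside the macro's own document: no dialog
    GRANTED = "granted"      # outside it: the user approved this one access
    DENIED = "denied"        # outside it: the user refused
    FORBIDDEN = "forbidden"  # never offered to macros, so no dialog either
EXECUTABLE_SUFFIXES = (".exe", ".bat", ".sh", ".vbs")  # constructed sample list

@dataclass
class MacroSandbox:
    """Authority of one macro: its own document, plus what the user grants per access."""
    document_path: str
    ask_user: object  # hypothetical dialog hook: (macro, action, target) -> bool
    audit: list = field(default_factory=list)
    def _decide(self, macro, action, target, decision):
        self.audit.append((macro, action, target, decision))
        return decision

    def _outside_document(self, macro, action, target):
        # The dialog names the macro and the exact action, so the user sees a macro is asking.
        granted = self.ask_user(macro, action, target)
        return self._decide(macro, action, target, Decision.GRANTED if granted else Decision.DENIED)

    def read_file(self, macro, path):
        if path == self.document_path:
            return self._decide(macro, "read", path, Decision.ALLOWED)
        return self._outside_document(macro, "read", path)

    def write_file(self, macro, path):
        if path.lower().endswith(EXECUTABLE_SUFFIXES):  # executables are never writable
            return self._decide(macro, "write", path, Decision.FORBIDDEN)
        if path == self.document_path:
            return self._decide(macro, "write", path, Decision.ALLOWED)
        return self._outside_document(macro, "write", path)

    def run_program(self, macro, command):
        # Starting programs is not a grantable authority; the user is not even asked.
        return self._decide(macro, "exec", command, Decision.FORBIDDEN)

def run_sample_macro():
    """Constructed trace of a template macro touching its own document, then reaching outside."""
    def scripted_user(macro, action, target):  # stand-in for the dialog: approves one read only
        return action == "read" and target == "/share/q2_figures.ods"
    box = MacroSandbox("/home/alice/report.odt", scripted_user)
    box.read_file("Template.AutoOpen", "/home/alice/report.odt")   # ALLOWED, no dialog
    box.read_file("Template.AutoOpen", "/share/q2_figures.ods")    # GRANTED by the dialog
    box.write_file("Template.AutoOpen", "/home/alice/notes.txt")   # DENIED by the dialog
    box.write_file("Template.AutoOpen", "/home/alice/helper.sh")   # FORBIDDEN, no dialog
    box.run_program("Template.AutoOpen", "ls /home/alice")         # FORBIDDEN, no dialog
    return [decision for _, _, _, decision in box.audit]
```

The audit list is the record a reviewer would inspect: a template macro that only touches its own document produces a trace with no dialog at all, which is what makes the per-access question tolerable where the per-macro one is not.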

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds