Posted Jun 14, 2007 6:31 UTC (Thu) by zooko
In reply to: Why not sandbox it?
Parent article: BadBunny? Only if you invite it in
Hopefully someday such macros will be run with capability-based access control. That would prevent the code from exercising authority that was not granted to it, as well as allowing it to exercise authority that was granted to it. A user interface such as CapDesk, Polaris, or Plash would allow the user to grant authorities *without* pop-up dialog boxes, thus improving on both the security and the ease-of-use of current access control paradigms.
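The access model the comment describes, as an added example that is not part of the original comment and is not code from CapDesk, Polaris, or Plash: a toy macro host in which a macro can act only through capability objects handed to it, and the user's file selection is itself the grant. Every name here (`powerbox_pick`, `run_macro`, the cap classes, the sample documents) is hypothetical.

```python
# Added illustration (not from the original comment). All names are hypothetical.
class Denied(Exception):
    """Raised when a macro reaches for authority it was never handed."""

class ReadCap:
    """Capability to read one document. The macro never sees a path or the store."""
    def __init__(self, store, name):
        self._store, self._name = store, name
    def read(self):
        return self._store[self._name]

class ReadWriteCap(ReadCap):
    """Capability to read and replace the same single document."""
    def write(self, text):
        self._store[self._name] = text

def powerbox_pick(store, picked_name, writable=False):
    """Stand-in for a powerbox file chooser: the user's selection *is* the grant,
    so no separate permission dialog is needed."""
    return (ReadWriteCap if writable else ReadCap)(store, picked_name)

def run_macro(steps, caps):
    """Interpret a macro given as (op, slot, *args) tuples.
    A slot is a macro-local name for a granted capability; the macro language
    has no way to name files, so ungranted documents are unreachable."""
    results = []
    for op, slot, *args in steps:
        cap = caps.get(slot)
        if cap is None:
            raise Denied(f"no capability bound to {slot!r}")
        if op not in ("read", "write") or not hasattr(cap, op):
            raise Denied(f"{slot!r} does not allow {op!r}")
        results.append(getattr(cap, op)(*args))
    return results

def demo():
    # Constructed sample data: two documents owned by the user.
    store = {"report.odt": "q2 numbers", "addressbook": "alice@example.test"}
    # The user picks only report.odt in the chooser, with write access.
    caps = {"doc": powerbox_pick(store, "report.odt", writable=True)}
    ok = run_macro([("read", "doc"), ("write", "doc", "Q2 NUMBERS")], caps)
    try:
        run_macro([("read", "addressbook")], caps)   # never granted
        leaked = True
    except Denied:
        leaked = False
    return ok, store, leaked
```

The macro is interpreted data rather than host-language code, which is what keeps it from picking up ambient authority such as direct filesystem access.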