software: making it safer to run random programs

I was dubious about Google’s new Fuchsia operating system, but it has some very interesting ideas, including capability-based execution. Programs that can do nothing until you grant them capabilities are so much better – I hate downloading some Windows .EXE game editor or utility that could literally do anything to my computer. But similar functionality is coming to existing operating systems:

  • Sandboxing of random binaries is getting easier, though still way too fiddly.
  • More programs are being written or recompiled to run in a browser, where I’m confident they can’t read and write random files.
  • Flatpak‘s sandboxing of portable Linux application binaries by default is good, and the innovation of programs invoking user-controlled portals implemented by the toolkit that provide well-defined functionality to open or save documents, print, turn on the camera, etc. is great.
  • The WASI WebAssembly System Interface defines a runtime with capability-based security for portable WebAssembly programs. “Write Once Run Anywhere” lives again 😉!

Or write a new operating system

If you’re looking for O.S. innovation besides Fuchsia, Redox OS is a very interesting micro-kernel O.S. written in Rust based around I/O access where every path is a URL in a scheme (e.g. pipe:, initfs:, etc. schemes in its kernel and disk:, file:, ip:, etc. schemes running in userspace). And now there’s Theseus OS also written in Rust, which trusts the security guarantees of Rust code to “execute everything in a single address space and at a single privilege level” 😮. The former is close to being able to run emulators and the latter can now run Wasm/WASI programs, which helps with the problem of few programs that can run on a new O.S. And there’s progress in writing safer Rust stdlib implementations that use capabilities and/or can’t open random files (everything is an openat2() that can only opens files under file descriptors that the environment provides).

There’s lots of good interesting stuff happening at multiple levels. Disclaimer: I only have a weak understanding of all of this.

About skierpage

As you might guess, my site is mine. My info is at .
This entry was posted in open source, software. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.