Closed AverseABFun closed 3 hours ago
Sandboxing has been discussed before and isn't feasible with the current process model, closing
Don't install apps which you don't trust
If this is meant to be something like an actual operating system (which it seems like it is) then it should have at least somewhat basic features. I'm also not talking about full-on sandboxing (at least I don't think I am), I'm just suggesting that the more destructive API functions be at least somewhat protected.
Well, with the current process model it just isn't possible to isolate or securely attest what application you are. The reason I'm not doing this isn't because I don't have a desire to; I've long wanted this feature, it's just not fully possible with the current model. I plan for this to change in the future, but all applications will have to be rewritten or run in admin mode.
Ohh, I see. Yeah I haven't really looked into the internals of processes, and thanks for providing a meaningful answer to why this isn't possible 🙂
Currently, in Anura, there is nothing stopping a malicious app from using `anura.x86.openpty` to run arbitrary Linux code in the v86 VM, or overwriting data with `anura.x86hdd.loadfile`, or deleting all data with `anura.x86hdd.delete`, or a number of other things including killing arbitrary processes with `anura.processes.remove`. My proposal is to implement basic restrictions on what processes can do, and possibly even create pop-ups asking the user whether they want to allow a certain process to perform certain actions (I'm thinking something like an Android or iOS popup with "Do you want to allow [process name] to run arbitrary commands in your v86 VM?") and requiring the process to first get permission from the user before being able to run some of these functions. This would likely be a pretty big undertaking, as many systems including the permission requesting, a permission manager in settings, and others would need to be implemented before this could be fully resolved.