On Mon, Nov 4, 2013 at 11:14 PM, drago01 <drago01(a)gmail.com> wrote:
On Mon, Nov 4, 2013 at 11:11 PM, Kevin Kofler
<kevin.kofler(a)chello.at> wrote:
> Bastien Nocera wrote:
>
> [> Lars Seipel wrote:]
>>> You then basically need all that container stuff just so you can be a
>>> little less scared at some application developer's broken attempts to
>>> "enhance your user experience" by installing suid-root helpers or stuff
>>> like that.
>>
>> Which they wouldn't be able to because it'd be sandboxed...
>
> That's his point. We need all the overhead of a sandbox just to (attempt to)
> prevent apps from doing such nasty things, a problem we don't have in the
> world of trusted repositories.
Wrong.
Nothing prevents users from downloading and running stuff from the web
right now. We have no sandbox.
Err "we have no sandbox so adding one would help, not hurt"