
Hardened mode?

Open ezrizhu opened this issue 1 year ago • 2 comments

Perhaps a flag for a hardened mode which uses a separate network stack and only exposes some /dev files (e.g., null, (u)random, zero).

Something that makes sudo ./try rm -rf / not affect the host system.

ezrizhu avatar Jun 25 '23 01:06 ezrizhu

@mgree Thoughts?

ezrizhu avatar Jun 25 '23 02:06 ezrizhu

I think we shouldn't call anything try does 'hardened', because that seems to make a security claim we're not really going to be able to back up.

But I think there are good moves to make in this direction:

  • We should have tests that do really risky things (in CI).

  • We should by default only be mapping the safe /dev files I outlined before.

  • I don't think the separate network stack is super material here, though having a flag to turn off network access makes sense.

mgree avatar Jun 25 '23 13:06 mgree
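Added example, not code from the try project or from either commenter: a small POSIX sh sketch of the two measures discussed in the thread, a private /dev that carries only an allow-list of device nodes, and an opt-in flag that also gives the command an empty network namespace. It assumes util-linux `unshare` and `mount` and a kernel that permits unprivileged user namespaces; the allow-list `SAFE_DEVS`, the `--no-net` flag name and the `run`/`--inner` entry points are this example's own, and the overlayfs layer that try uses to keep writes off the host is deliberately left out here.

```shell
#!/bin/sh
# Added example, not try's own code.  Assumes util-linux unshare/mount and
# unprivileged user namespaces.  SAFE_DEVS and --no-net are this example's names.

SAFE_DEVS="null zero random urandom"

# is_safe_dev NAME: exit 0 if NAME is on the /dev allow-list, 1 otherwise.
is_safe_dev() {
    for d in $SAFE_DEVS; do
        [ "$1" = "$d" ] && return 0
    done
    return 1
}

# unshare_flags [--no-net]: print the namespace flags for the outer unshare.
# Always a user namespace mapped to root (needed to mount tmpfs without
# privilege), a mount namespace and a PID namespace; --net is added only when
# the caller asked for --no-net, which yields a namespace with a bare loopback.
unshare_flags() {
    flags="--user --map-root-user --mount --pid --fork"
    if [ "${1-}" = "--no-net" ]; then
        flags="$flags --net"
    fi
    printf '%s\n' "$flags"
}

# inner_setup CMD...: runs inside the new namespaces.  Builds a fresh tmpfs
# holding only the allow-listed nodes (bind-mounted from the host, since mknod
# of device nodes is refused inside a user namespace), puts it over /dev so
# disks, ptys and everything else on the host /dev disappear, then execs CMD.
inner_setup() {
    newdev=$(mktemp -d)
    mount -t tmpfs -o nosuid,noexec,mode=755 tmpfs "$newdev"
    for d in $SAFE_DEVS; do
        touch "$newdev/$d"
        mount --bind "/dev/$d" "$newdev/$d"
    done
    mount --bind "$newdev" /dev
    exec "$@"
}

# run_sandboxed [--no-net] CMD...: user-facing entry point.  Re-executes this
# script under unshare with the --inner marker so inner_setup runs inside
# the new namespaces.
run_sandboxed() {
    netopt=""
    if [ "${1-}" = "--no-net" ]; then
        netopt="--no-net"
        shift
    fi
    # Word-splitting of the flag list is intended here.
    exec unshare $(unshare_flags $netopt) "$0" --inner "$@"
}

if [ "${1-}" = "--inner" ]; then
    shift
    inner_setup "$@"
elif [ "${1-}" = "run" ]; then
    shift
    run_sandboxed "$@"
fi
```

Usage: `sh sandbox.sh run ls /dev` should list only the four allow-listed nodes, and `sh sandbox.sh run --no-net curl https://example.org` should fail to resolve or connect. Note that without an overlay the host filesystem is still the real one, so this sketch only shows the /dev and network parts of the discussion, not the write-isolation that makes `rm -rf /` safe.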

All of this has been done except for #127.

mgree avatar Oct 20 '23 13:10 mgree