[opensource-dev] Known details of LL 'Firefly' client-side scripting

Dzonatas Sol dzonatas at gmail.com
Wed Mar 17 12:37:59 PDT 2010


Somewhere on this list in the past is a discussion about how to sign off 
on scripts and such data for distribution. Those points have already 
been made.

What the sandbox model does is allow people to set up a default 
permission scheme and allow processes to migrate within the sandbox 
without the constant nag "do you want to allow this to run on your 
computer?".

Instead, you get something like Facebook that says "program XYZ requests 
this specific permission; do you allow it?". If a program doesn't need those 
extra permissions, then the sandbox model won't nag at all.

If you want to redesign years of study put into the Linux emulator, its 
permissions, and its protection levels, to make up your own homebrew 
sandbox, then go right ahead and worry about remote execution.

Argent Stonecutter wrote:
> On 2010-03-17, at 14:14, Dzonatas Sol wrote:
>> It's still the same concept: to download and install...  they are 
>> overused buzzwords that make people think there are some elaborate 
>> separations for the basic ideas on how to migrate processes.
>
> That's because there are. One requires a human in the loop to decide 
> "I'm going to deliberately choose to trust this piece of code". Not 
> just "approve" it, but to actively seek it out and pull it in. The 
> other allows drive-by attacks at the speed of broadband.
>
> It's the difference between an automated remote execution attack and a 
> social engineering attack.
>

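The permission scheme sketched in the message above, written out as an added example. This is not code from the thread, from Linden Lab, or from the Second Life viewer; the permission names, the default grant and the function names are assumptions chosen for illustration. The point it demonstrates is the difference between a silent default grant and a per-permission prompt: a script whose manifest stays inside the default set runs with no question asked, a script that declares extra permissions is prompted only for the delta, and a declined or malformed request fails closed rather than running with a quietly reduced set.

```python
"""Minimal default-permission sandbox policy (added example, hypothetical names).

Models the scheme discussed on the list: a sandbox grants a default
permission set silently, and prompts only for the specific extra
permissions a program declares beyond that default.
"""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Tuple

# Hypothetical permission vocabulary; an assumption, not from the thread or viewer.
PERMISSIONS: FrozenSet[str] = frozenset({
    "read_own_storage", "write_own_storage", "network_to_sim",
    "network_any", "read_clipboard", "exec_native",
})

# What every sandboxed script may use without any prompt (assumed default scheme).
DEFAULT_GRANT: FrozenSet[str] = frozenset({
    "read_own_storage", "write_own_storage", "network_to_sim",
})


@dataclass(frozen=True)
class Manifest:
    """Permissions a program declares it needs before it is run."""
    name: str
    requested: FrozenSet[str]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    granted: FrozenSet[str]        # exactly what the program may use at runtime
    prompted_for: FrozenSet[str]   # the delta the user was asked about, if any
    reason: str


Prompt = Callable[[str, FrozenSet[str]], bool]


def evaluate(manifest: Manifest, default_grant: FrozenSet[str], ask_user: Prompt) -> Decision:
    """Decide whether to run `manifest`, prompting only for non-default permissions."""
    unknown = manifest.requested - PERMISSIONS
    if unknown:
        # A manifest naming permissions the sandbox does not know is rejected outright.
        return Decision(False, frozenset(), frozenset(),
                        "unknown permissions: " + ", ".join(sorted(unknown)))

    extra = manifest.requested - default_grant
    if not extra:
        # Inside the default scheme: no nag. Grant only what was asked for,
        # not the whole default set (least privilege even within defaults).
        return Decision(True, manifest.requested, frozenset(), "within default grant")

    if ask_user(manifest.name, extra):
        return Decision(True, manifest.requested, extra, "user approved extra permissions")

    # Fail closed: the program declared it needs `extra`, so running it with
    # less is not the program the user was shown. Deny rather than degrade.
    return Decision(False, frozenset(), extra, "user declined extra permissions")


def permits(decision: Decision, permission: str) -> bool:
    """Runtime check a sandboxed call would make before touching a resource."""
    return decision.allowed and permission in decision.granted


def recording_prompt(answer: bool) -> Tuple[Prompt, List[Tuple[str, FrozenSet[str]]]]:
    """Build a scripted prompt that records what it was asked (for demos and tests)."""
    calls: List[Tuple[str, FrozenSet[str]]] = []

    def ask(name: str, extra: FrozenSet[str]) -> bool:
        calls.append((name, extra))
        return answer

    return ask, calls


if __name__ == "__main__":
    # Constructed sample manifests, not real scripts.
    hud = Manifest("hud-overlay", frozenset({"read_own_storage", "network_to_sim"}))
    uploader = Manifest("bulk-uploader", frozenset({"write_own_storage", "network_any"}))
    ask, calls = recording_prompt(answer=True)
    for m in (hud, uploader):
        d = evaluate(m, DEFAULT_GRANT, ask)
        print(m.name, "->", d.reason, "| prompted for:", sorted(d.prompted_for))
    print("prompts shown:", len(calls))
```

Usage: `evaluate()` is called once per manifest before the program starts, and `permits()` is the check each guarded operation makes afterwards; because `granted` is exactly the requested set, a program that never asked for `network_any` is refused it at runtime even though the user was never bothered with a prompt.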


More information about the opensource-dev mailing list