On 2/13/13 7:25 PM, Robert O'Callahan wrote:
> I also think that sandboxing the engine is not interesting. Assuming you're talking about OS-level process sandboxing, there's no risk there; we know browser engines can be sandboxed that way.
I don't plan to spend time on the OS-specific parts of this. (This is basically a sunk cost anyway, at least on the Mac; there is already a sandbox file for the Mac in the tree.)
Mostly I want to emphasize that we should avoid architectural decisions that make it difficult to sandbox later. For example, writing to trusted filesystem locations should be mediated through the browser process so that we don't have to go back and patch up all the places that do this later when we do decide to sandbox.
Patrick
_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo
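The brokered-write arrangement Patrick argues for above, as an added example for this page rather than code from the Servo tree: engine code never opens a file itself, it sends a write request to the trusted browser process, which applies a path policy and performs the I/O. Assumptions not in the original: a single allowed profile directory as the policy, a `std::sync::mpsc` channel and a thread standing in for the IPC pipe and process boundary, and the names `FsRequest`, `resolve_allowed`, `run_broker` and `brokered_write`.

```rust
use std::fs;
use std::path::{Component, Path, PathBuf};
use std::sync::mpsc;
use std::thread;

// Message a sandboxed engine process sends to the browser process.
// In a real split this crosses an IPC pipe; here a thread and an mpsc
// channel stand in for the process boundary (assumption for the example).
pub enum FsRequest {
    Write { path: PathBuf, data: Vec<u8> },
    Shutdown,
}

#[derive(Debug, PartialEq)]
pub enum FsReply {
    Written(usize),
    Denied(String),
    IoError(String),
}

pub struct Envelope {
    pub request: FsRequest,
    pub reply_to: mpsc::Sender<FsReply>,
}

/// Broker policy: the path must be absolute, contain no ".." component, and its
/// parent directory must canonicalise to somewhere inside an allowed root.
/// Only the parent is canonicalised because the file itself may not exist yet;
/// canonicalising defeats symlink escapes out of the root.
pub fn resolve_allowed(path: &Path, allowed_roots: &[PathBuf]) -> Result<PathBuf, String> {
    if !path.is_absolute() {
        return Err(format!("{}: relative paths are not accepted", path.display()));
    }
    if path.components().any(|c| matches!(c, Component::ParentDir)) {
        return Err(format!("{}: '..' components are not accepted", path.display()));
    }
    let file_name = path
        .file_name()
        .ok_or_else(|| format!("{}: no file name", path.display()))?;
    let parent = path
        .parent()
        .ok_or_else(|| format!("{}: no parent directory", path.display()))?;
    let canon_parent = fs::canonicalize(parent)
        .map_err(|e| format!("{}: cannot resolve parent: {}", path.display(), e))?;
    for root in allowed_roots {
        if let Ok(canon_root) = fs::canonicalize(root) {
            if canon_parent.starts_with(&canon_root) {
                return Ok(canon_parent.join(file_name));
            }
        }
    }
    Err(format!("{}: outside every allowed root", path.display()))
}

/// Browser-process side: receive requests, apply policy, do the I/O, reply.
pub fn run_broker(allowed_roots: Vec<PathBuf>, rx: mpsc::Receiver<Envelope>) {
    for envelope in rx {
        let reply = match envelope.request {
            FsRequest::Shutdown => break,
            FsRequest::Write { path, data } => match resolve_allowed(&path, &allowed_roots) {
                Err(why) => FsReply::Denied(why),
                Ok(target) => match fs::write(&target, &data) {
                    Ok(()) => FsReply::Written(data.len()),
                    Err(e) => FsReply::IoError(e.to_string()),
                },
            },
        };
        let _ = envelope.reply_to.send(reply);
    }
}

pub fn spawn_broker(allowed_roots: Vec<PathBuf>) -> (mpsc::Sender<Envelope>, thread::JoinHandle<()>) {
    let (tx, rx) = mpsc::channel();
    let handle = thread::spawn(move || run_broker(allowed_roots, rx));
    (tx, handle)
}

/// Engine-process side: the only way engine code writes a file.
pub fn brokered_write(broker: &mpsc::Sender<Envelope>, path: &Path, data: &[u8]) -> FsReply {
    let (reply_tx, reply_rx) = mpsc::channel();
    let request = FsRequest::Write { path: path.to_path_buf(), data: data.to_vec() };
    broker.send(Envelope { request, reply_to: reply_tx }).expect("broker is gone");
    reply_rx.recv().expect("broker dropped the reply channel")
}

fn main() {
    // Scratch profile directory under the system temp dir (constructed for the demo).
    let root = std::env::temp_dir().join(format!("servo-broker-demo-{}", std::process::id()));
    fs::create_dir_all(&root).unwrap();
    let (broker, handle) = spawn_broker(vec![root.clone()]);
    println!("{:?}", brokered_write(&broker, &root.join("cache.bin"), b"hello"));
    println!("{:?}", brokered_write(&broker, &root.join("..").join("escape.bin"), b"x"));
    println!("{:?}", brokered_write(&broker, Path::new("relative.bin"), b"x"));
    broker.send(Envelope { request: FsRequest::Shutdown, reply_to: mpsc::channel().0 }).unwrap();
    handle.join().unwrap();
    let _ = fs::remove_dir_all(&root);
}
```

The point of the split is that the policy lives in one place: if sandboxing is turned on later, the engine process loses direct filesystem access and nothing in it has to change, because every write already goes through `brokered_write`.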