undefined | Better HN

story

0 pointsmlinksva2y ago0 comments

Thanks for explaining and for your work!

Not sure I have questions, just generally interested in making it easier/lighter weight/built-in to constrain ambient authority (for example, to mitigate supply chain risks), thus have it be done more.

The Polyglot sandfox feels very loosely analogous to Deno per process (and thus subprocess) permissions, though it looks like ISOLATED and UNTRUSTED can limit a bunch of things not possible with Deno.

0 comments

grashalm2y ago

We do not do process isolation yet, although we have plans to implement that as well as a fallback strategy.

The advantage of the native-image-isolate-based isolation is that it is much more lightweight. For example, calls from and to the host application are much faster. There is no copying or expensive synchronization necessary. The disadvantage is that we need to do our own protections against attacks, as the OS protections between processes don't apply to such isolates. By default, we deploy software/compiler-based protections but are also very close to supporting hardware like Intel MPK.

If you have more questions, you can also drop by on Slack; we are a friendly bunch: https://www.graalvm.org/slack-invitation/

j / k navigate · click thread line to collapse

0 comments

grashalm2y ago

We do not do process isolation yet, although we have plans to implement that as well as a fallback strategy.

If you have more questions, you can also drop by on Slack; we are a friendly bunch: https://www.graalvm.org/slack-invitation/

j / k navigate · click thread line to collapse