Attack surface reduction for Sandboxie itself? #3788
Unanswered
bastik-1001
asked this question in
Q&A Feedback
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Does it suit the project to limit the attack surface it may have due to its dependencies, by reducing their function to only what Sandboxie needs? Is that something that is feasible?
Like 7z being able to extract more archives than just what Sandboxie is using, so that one takes 7z and removes everything that is not required. It's bad to re-invent the wheel over and over again, so having dependencies is required at some point, so this is not about getting rid of them, but limiting the harm that can be done. The archiving part is just an example.
It may not fully help in cases, like the xz-library, those need better ways to make something like that harder to pull off, but the impact could still be reduced.
Beta Was this translation helpful? Give feedback.
All reactions