Sandboxing Adoption in Open Source Ecosystems
Maysara Alhindi, Joseph Hallett

TL;DR
This paper investigates the adoption and usage patterns of sandboxing mechanisms in open-source ecosystems, revealing low direct usage but widespread indirect application and identifying challenges to broader adoption.
Contribution
It provides the first comprehensive analysis of sandboxing mechanism usage across multiple open-source operating systems, highlighting usage patterns and adoption challenges.
Findings
Less than 1% of packages directly use sandboxing mechanisms
Many packages indirectly benefit from sandboxing
Identifies challenges hindering widespread adoption
Abstract
Sandboxing mechanisms allow developers to limit how much access applications have to resources, following the least-privilege principle. However, it's not clear how much and in what ways developers are using these mechanisms. This study looks at the use of Seccomp, Landlock, Capsicum, Pledge, and Unveil in all packages of four open-source operating systems. We found that less than 1% of packages directly use these mechanisms, but many more indirectly use them. Examining how developers apply these mechanisms reveals interesting usage patterns, such as cases where developers simplify their sandbox implementation. It also highlights challenges that may be hindering the widespread adoption of sandboxing mechanisms.
Taxonomy
Topics: Open Source Software Innovations
