In a cabsec world, I would just not supply it with the ability to write to the sound channel, and it would still work. It's the inability to express my desire to simple NOT MAKE SOUND that is frustrating. Sound is a simple thing that doesn't permanently affect my system, I also have no way to express other, more crucial limits.
This is the heart of cabsec, the ability to explicitly supply capabilities to a program, instead of having to manually block off everything.
No comments:
Post a Comment