> Luckily, we only need this for untrusted code. What really peeves me is that trusted code is now having to run slower as well.
Realistically though, most userland software falls into that category nowadays:
- JS-driven web apps like GSuite
- Sandboxed "App Store" apps on mobile and even desktop
- Potentially any other desktop app that is exposed to content originating from the web or email (e.g. Acrobat, desktop Office, etc.)
I wonder if security models need to become less black-and-white, with a middle tier of trust for apps or domain names that should still be sandboxed but are trusted enough that we're willing to trade some risk of timing exploits for improved performance?