06 Jan 2018 - by 'Maurits van der Schee'
Our worst fears have been proven true. Sandboxed code execution on most Intel chips in the past 20 years has been unsafe. And it's even worse than that: there is no fix, as Intel has been trading security for performance with a technology called "speculative execution". For more information read about the Meltdown and Spectre CPU flaws. This post will explain the impact and what we can do about it.
People laugh at me when I tell them running untrusted code in a sandbox is doomed to fail.
"Dependencies are an underestimated risk and sandbox isolation is no reason to skip proper security screening."
Instead of crying out "I told you so" and "the world has come to an end" let's be realistic and constructive. When the number of dependencies is low and the dependencies are open source, popular and signed then the risk is lowered as these packages can, and will be, reviewed. I don't see the need for virtual machines or containers outside a lab setup and I really don't understand why anyone would use them in production. If you do, then you are trading security for convenience or cost reduction and that does not sound right to me.
"Don't use virtual machines or containers in production: You're trading security for convenience."