
I think a really useful piece of information here is why the Java SecurityManager failed. People talk about sandboxing library code, but this is literally what the SecurityManager made possible ages ago. But virtually zero applications make widespread use of the SecurityManager to isolate library code.

Was it a question of being too soon? Was it horribly un-ergonomic (this is the explanation I usually hear)? Did its features not actually match what developers need?

It feels like call-stack-based permissions are a natural solution to "holy shit my json deserialization code is deleting files on disk", but there clearly is some trap hidden here that caused old solutions to fail.



I personally really like the way wasm modules work. The modules all have a particular interface, so you know exactly what they can do to the outside world; it's very clean.
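To illustrate the comment above, here is an added example (not written by either commenter) showing how a host can read a wasm module's declared imports and refuse anything outside a policy before any module code runs. The byte array is a constructed minimal module, and the `ALLOWED` policy and the function names are assumptions made for the illustration.

```javascript
// Constructed sample: a minimal module that imports env.log(i32) and exports run(i32).
const wasmBytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic + version 1
  0x01, 0x05, 0x01, 0x60, 0x01, 0x7f, 0x00,                   // type 0: (i32) -> ()
  0x02, 0x0b, 0x01, 0x03, 0x65, 0x6e, 0x76,                   // import section: "env"
  0x03, 0x6c, 0x6f, 0x67, 0x00, 0x00,                         //   "log", func, type 0
  0x03, 0x02, 0x01, 0x00,                                     // one local func of type 0
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01,       // export "run" = func 1
  0x0a, 0x08, 0x01, 0x06, 0x00, 0x20, 0x00, 0x10, 0x00, 0x0b, // body: local.get 0; call 0
]);

// Hypothetical host policy: the only imports this host is willing to grant.
const ALLOWED = new Set(["env.log:function"]);

// Everything the module asks of the host, read from the binary without running it.
function declaredImports(bytes) {
  const mod = new WebAssembly.Module(bytes);
  return WebAssembly.Module.imports(mod).map(i => `${i.module}.${i.name}:${i.kind}`);
}

// Imports that fall outside the policy; an empty list means the module is acceptable.
function auditImports(bytes, allowed = ALLOWED) {
  return declaredImports(bytes).filter(i => !allowed.has(i));
}

// Instantiate only after the audit passes, granting exactly one capability.
function runWithLog(bytes, value) {
  const violations = auditImports(bytes);
  if (violations.length) throw new Error(`refused imports: ${violations.join(", ")}`);
  const seen = [];
  const instance = new WebAssembly.Instance(new WebAssembly.Module(bytes), {
    env: { log: v => seen.push(v) },
  });
  instance.exports.run(value);
  return seen;
}

// Without the grant the module cannot even be instantiated.
function instantiateWithoutGrant(bytes) {
  try {
    new WebAssembly.Instance(new WebAssembly.Module(bytes), { env: {} });
    return "instantiated";
  } catch (e) {
    return e.constructor.name;
  }
}
```
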



