views: 421

answers: 7

Hello,

I want to learn more about sandboxing. Not just about it. I want to learn such that I will be able to write a simple sandbox.

Surprisingly, there isn't any information available anywhere. Even the Wikipedia article is not good.

Can anyone please suggest good material? I know that it's a very advanced-level concept. So, what are the prerequisites for learning and mastering it?

+1  A: 

The answer will likely be language specific. Unfortunately most languages don't have built-in sandboxing capabilities. But functional languages tend to be powerful enough that one can be built from scratch without extending the language.

In Tcl the basic mechanism is to create slave interpreters:

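    # Create an interpreter in safe mode (commands such as exec, open and socket are hidden)
    interp create -safe sandbox
    # Run trusted set-up code inside the sandbox
    interp eval sandbox $set_up_code
    # Evaluate the untrusted code and collect its result
    set result [interp eval sandbox $unsafe_code]

slebetman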
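
An added example, not part of slebetman's answer: a safe interpreter refuses `exec` and `open`, and the trusted parent exposes a single vetted command to it through `interp alias`. The names `allowed_dir`, `read_allowed` and `readfile`, the `sandbox_data` directory and the sample scripts are constructed for illustration.

```tcl
# Constructed example: the sandbox's only route to the file system is one
# alias that the trusted parent interpreter checks before acting.
# allowed_dir, read_allowed and readfile are hypothetical names.
set allowed_dir [file normalize [file join [pwd] sandbox_data]]

# Trusted side: read a file only if it resolves to a path inside allowed_dir.
proc read_allowed {name} {
    global allowed_dir
    # file join lets an absolute $name replace the base, and file normalize
    # collapses ".." segments, so the prefix check sees the real target.
    set path [file normalize [file join $allowed_dir $name]]
    if {[string first "$allowed_dir/" $path] != 0} {
        error "access denied: $name"
    }
    set f [open $path r]
    set data [read $f]
    close $f
    return $data
}

# Safe interpreter: exec, open, socket, file, etc. are hidden in it.
set sandbox [interp create -safe]
# Inside the sandbox, "readfile" runs read_allowed in the parent.
interp alias $sandbox readfile {} read_allowed

# Constructed untrusted snippets, evaluated one by one so that a refusal
# of one does not stop the others.
set attempts {
    {expr {6 * 7}}
    {exec ls /}
    {open /etc/passwd r}
    {readfile ../../etc/passwd}
}
foreach script $attempts {
    if {[catch {interp eval $sandbox $script} result]} {
        puts "refused: $script -> $result"
    } else {
        puts "ok:      $script -> $result"
    }
}
interp delete $sandbox
```

Only the arithmetic succeeds: `exec` and `open` do not exist as commands inside the safe interpreter, and the alias rejects any path that resolves outside `allowed_dir`.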
+7  A: 

Read about API hooking. For example, Sandboxie hooks the Windows kernel to filter all API calls to the filesystem and redirects the results to the sandbox. You could hook APIs and filter them: pass only valid parameters, return errors for invalid calls.

For API hooking you will find plenty of material on the net; try codeproject.com.

Bartosz Wójcik
+1 for sandboxie, I love that program... At least, I did, before I got Win64 :(
BlueRaja - Danny Pflughoeft
+3  A: 

You might also look at jails in FreeBSD. These are the FreeBSD equivalent of sandboxes.

The source code for jail is available (though you'll have to understand the rest of the FreeBSD code as well.)

Chip Uni
I was going to suggest the same thing..
Earlz
+6  A: 

The members of http://sandboxing.org may have some good advice for you.

Michael Stone
+4  A: 

Google's Chromium uses sandboxing and has several documents about it:

el.pescado
+3  A: 

A simple sandbox would simply be an environment in which you let 'something' execute, but restrict what it can do.

Typically, this "something" is an already-existing language, like Java, or JavaScript, or C#, or native code. Java has 'sandboxing' APIs for applets and so on, .NET has various 'trust' levels, and JavaScript has the bounds placed on it by the interpreters (browsers).

So it's a little weird to "write" your own sandbox unless you also have a language you want to sandbox.

Do you have such a language? What do you want to learn about, specifically?

Noon Silk
Ooooh.. Then I'm not at all referring to a language sandbox, which lays restrictions on what users can write. I'm referring to the sandbox that is in Chrome, which restricts access to system resources. Like an antivirus sandbox, which lets the application run but intercepts every malicious attempt and informs the user.
claws
claws: That's the same thing; the antivirus just tries to look at what function calls the native app is making, and tries to decide whether or not it is "legitimate". You know what you may find fun: Aspect Orientated Programming. C# has 'PostSharp', Java has a framework as well. It lets you hook all sorts of function calls and then do various things at those points. It may let you explore the idea (but it's not a real "sandbox"). If you want to learn about the security concept (i.e. exactly how it's done), look into the .NET Trust Levels (but be prepared to get very bored :P). Hope this helps.
Noon Silk
+2  A: 

This is very dependent on what you want to sandbox. If it is a full-blown system with multiple interfaces/languages available, you really do not want to re-invent the wheel, but run a virtual machine in VirtualBox, QEMU or some other alternative.

In any case, a sandbox IS, at least on some level, a virtualization of the system you are 'supposed to be' running...

If you need to sandbox applications for a single (interpreted) language, modifying the interpreter sounds like a sensible approach.

Kimvais
`sandboxie` is the software that exactly describes what I had in my mind.
claws