From owner-freebsd-hackers Sun Jul 25 11:23:42 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from peach.ocn.ne.jp (peach.ocn.ne.jp [210.145.254.87])
	by hub.freebsd.org (Postfix) with ESMTP
	id 43E1B14EAB; Sun, 25 Jul 1999 11:23:37 -0700 (PDT)
	(envelope-from dcs@newsguy.com)
Received: from newsguy.com by peach.ocn.ne.jp (8.9.1a/OCN)
	id DAA01438; Mon, 26 Jul 1999 03:22:58 +0900 (JST)
Message-ID: <379B55C3.433B71B0@newsguy.com>
Date: Mon, 26 Jul 1999 03:21:55 +0900
From: "Daniel C. Sobral"
X-Mailer: Mozilla 4.6 [en] (Win98; I)
X-Accept-Language: en,pt-BR,ja
MIME-Version: 1.0
To: Sue Blake
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-doc@FreeBSD.ORG
Subject: Re: sandbox??
References: <19990726040233.E7349@welearn.com.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Sue Blake wrote:
>
> Nobody seems to be confident about the answer to my post to -questions.
> Below is the only public answer. It is typical of many private answers
> I received from otherwise knowledgeable people willing to make a
> partial educated guess but not willing to expose their ignorance
> publicly. They're all keen to know whatever I can find out :-) :-)
>
> On Mon, Jul 19, 1999 at 07:58:01AM -0400, T. William Wells wrote:
> > In article <19990719212431.D300@welearn.com.au>,
> > Sue Blake wrote:
> > : Could someone tell me what is a sandbox, what does it do, how does it
> > : work, how do I use it, or where is it documented?
> > : named(8) and security(8) seem to assume one already knows.
> >
> > It's a generic term. It refers to a restricted environment in
> > which something is to be done. Exactly how a sandbox is
> > implemented depends on the specific application.

Without having read the references in the files you mentioned, here
is my own take on sandbox.

In some firewall books I have read, sandbox is used to refer to a
machine connected to the net in a "protected" way. Basically, all
packets to and from that machine go through a firewall. The machine,
though inside the firewall, is isolated from the rest of the internal
network.

The sandbox can then be used to provide services in a more or less
secure way. It cannot threaten the internal network, because it can
reach it even if breached, and it is not as exposed as it would be
outside the firewall.

I *think* this definition was given in the book by the TIS people,
but, alas, I haven't read about firewalls in two years, and my
firewall books are 12 thousand km away.

And notice, too, that I'm *not* referring to the hacker's trap, whose
name I can't recall right now.

--
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org

"Is it true that you're a millionaire's son who never worked a day
in your life?"
"Yeah, I guess so."
"Lemme tell you, son, you ain't missed a thing."