Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 25 Jul 1999 20:35:20 +0200
From:      Mark Murray <mark@grondar.za>
To:        Sue Blake <sue@welearn.com.au>
Cc:        freebsd-hackers@FreeBSD.ORG, freebsd-doc@FreeBSD.ORG
Subject:   Re: sandbox?? 
Message-ID:  <199907251835.UAA63806@gratis.grondar.za>

next in thread | raw e-mail | index | archive | help
Sue Blake wrote:
> 
> Nobody seems to be confident about the answer to my post to -questions.
> Below is the only public answer. It is typical of many private answers
> I received from otherwise knowledgeable people willing to make a
> partial educated guess but not willing to expose their ignorance
> publicly. They're all keen to know whatever I can find out :-)

The usual use of the term "sandbox" means "restricted environment".
A chroot(3) can be used to build this, and jail(3) is a stronger
version, although this is not a usual use for the term. The term
is popular in Java where it it implies that the (possibly hostile)
applet _cannot_ do anything dangerous, because the environment it
runs in has no API that allows this (like the applet cannot open
arb files).

The term "sandbox" in inetd.conf refers to a "su - <safe_user>;
chroot <safe_dir>; <app>" environment (I think) so that <app> cannot
do any damage even if compromised.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907251835.UAA63806>