Date: Sun, 25 Jul 1999 20:35:20 +0200 From: Mark Murray <mark@grondar.za> To: Sue Blake <sue@welearn.com.au> Cc: freebsd-hackers@FreeBSD.ORG, freebsd-doc@FreeBSD.ORG Subject: Re: sandbox?? Message-ID: <199907251835.UAA63806@gratis.grondar.za>
next in thread | raw e-mail | index | archive | help
Sue Blake wrote: > > Nobody seems to be confident about the answer to my post to -questions. > Below is the only public answer. It is typical of many private answers > I received from otherwise knowledgeable people willing to make a > partial educated guess but not willing to expose their ignorance > publicly. They're all keen to know whatever I can find out :-) The usual use of the term "sandbox" means "restricted environment". A chroot(3) can be used to build this, and jail(3) is a stronger version, although this is not a usual use for the term. The term is popular in Java where it it implies that the (possibly hostile) applet _cannot_ do anything dangerous, because the environment it runs in has no API that allows this (like the applet cannot open arb files). The term "sandbox" in inetd.conf refers to a "su - <safe_user>; chroot <safe_dir>; <app>" environment (I think) so that <app> cannot do any damage even if compromised. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907251835.UAA63806>