Questions tagged [sandbox]

A sandbox is a security mechanism for containing and restricting untrusted programs. Such programs could contain malicious code, which would otherwise harm the user's system.

195 questions
54 votes, 6 answers

If malware does not run in a VM why not make everything a VM?

There is a lot of malware that can detect whether it is running inside a VM or sandboxed environment and if such environment is detected it can conceal itself and not execute. So why not make everything a VM? Now all systems are safe! I know not…
Marcus
46 votes, 3 answers

Docker as a sandbox for untrusted code

I have created a web application that among other things allows users to write, compile and execute code (Java, C#). The application creates a Docker container for every user where compilation and code execution takes place. I have taken the…
Hartger
29 votes, 7 answers

Reading physical memory frame previously owned by another process to read contents of its memory page

I had a conversation with @anger32 who states that zeroing a physical memory page frame when passing the page backed by that frame to another process is not the responsibility of OSes like Windows and Linux (though they do that, they don't guarantee…
KOLANICH
27 votes, 2 answers

How is Sandboxing implemented?

What I would like to know is twofold: First off, what is sandboxing? Is it the trapping of OS system calls and then secondly deciding whether to allow it to pass through or not? How is it implemented to begin with? Would it be by way of hooks in…
David J
27 votes, 6 answers

Why is it considered safe to install something as a non-root user in Linux environments?

We always hear it is safe to run unknown programs as non-root users in Linux because non-root users are sandboxed from the system level and can't change anything out of their permission scope. If need be, as root user one can always delete a…
user1717828
24 votes, 3 answers

Why aren't applications sandboxed in Windows?

Sandboxing seems to be a way to restrict what an application can do. Today, I don't have much control of what my applications do with my computer. It feels more secure to use JavaScript based web applications than run native applications on my…
Jonas
24 votes, 3 answers

Java SE 8, Update 51 Added "Native Sandbox" Protection for Windows PCs. Wait, what?

So I was doing a little research about differences (if any) between the sandboxing models for Windows 8/8.1 applications and Windows 10 applications when I stumbled across something rather interesting: when Oracle shipped Java package 8 update 51 a…
mostlyinformed
19 votes, 2 answers

Using iframes to sandbox untrusted code

I'm trying to create an extensible platform, where my site will provide a model and some views (both client-side, in the browser) and third party sites may add their own views as well. The goal here is that only my model will make HTTP requests to…
mgibsonbr
18 votes, 3 answers

Best method to sandbox X applications in Ubuntu

What's the best way to sandbox an X application like Firefox or Thunderbird in Ubuntu (going into the direction of what Qubes OS does, but only for single applications)? I know there are many different sandboxing technologies. For example Just…
student
17 votes, 5 answers

The Perfect Mousetrap - Can a sandbox system be designed such that it's identical to an actual computer?

In testing suspicious files for malware, the typical method is to search for known malicious code. This is why zero-day malware attacks can be so dangerous — their malicious code is previously unknown to antivirus software. The ideal solution is to…
17 votes, 5 answers

Monitoring system calls (in a reliable and secure way)

Is there a reliable method of “monitoring” system calls under Linux? There is strace for example to monitor system calls and signals. Is there a way for a process to dodge out of strace? If yes, is there another reliable, secure method of…
17 votes, 1 answer

Vulnerability in popular JavaScript Framework (AngularJS)

I found a bug that allows you to escape the AngularJS template sandbox. Angular is a mustache based template language. It allows you to put expressions that are evaluated in your HTML. For example, {{1+1}} renders as 2. The sandbox makes it so users…
ialexander
14 votes, 5 answers

Sandboxing untrusted user-supplied code in a web application

I am trying to create a programming game where user-supplied programs compete in battle simulations, to be used as a tool to teach and practice programming. (It will likely be a turn-based robot simulation, but for the purposes of this question, it…
Ming
14 votes, 3 answers

Do browsers allow pages loaded on one tab to access/intercept/inject data in other tabs?

I was surprised to hear from this Reuters video that it was possible for a page loaded on one tab to access and/or inject data onto another page loaded on a different tab. TL;DW (too lazy; didn't watch) The interviewee in the video suggests that…
jairo
13 votes, 2 answers

Risks of Using Google Native Client

I was wondering if there were any possible risks in using Google Native Client. I know it is sandboxed, but the idea still seems risky, and at least leaves another route open for compromising your browser.
Magnus