Talk:Sandbox (computer security)

This is the talk page for discussing improvements to the Sandbox (computer security) article. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing: Software Mid‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Mid This article has been rated as Mid-importance on the project's importance scale. This article is supported by WikiProject Software (assessed as Mid-importance). This article is supported by WikiProject Computer Security (assessed as High-importance). Things you can help WikiProject Computer Security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

(no header)

Latest comment: 3 months ago8 comments7 people in discussion

Sandbox é uma caixa ou uma área da memória do computador que alguns dispositivos de segurança , como antivirus por exemplo usam para executar com a autorização do administrador , aqueles programas desconhecidos ou que acabaram de ser baixados da internet evitando assim que ocorram corrupção ou instalação de programas maliciosos. — Preceding unsigned comment added by 177.76.83.175 (talk) 07:16, 11 September 2011 (UTC)Reply

Xxx 83.123.235.65 (talk) 20:35, 1 February 2024 (UTC)Reply

83.123.235.65 (talk) 20:39, 1 February 2024 (UTC)Reply

Where is sandbox???????—Preceding unsigned comment added by 82.2.175.188 (talk • contribs) 18:14, 11 October 2005 (UTC)Reply

Do you mean the Wiki sandbox? It's here: Wikipedia:Sandbox—Preceding unsigned comment added by 84.163.51.139 (talk • contribs) 22:15, 1 November 2005 (UTC)Reply

Links to a few software sandboxes and maybe a few reviews wouldn't have been a bad idea.—Preceding unsigned comment added by 213.100.129.221 (talk • contribs) 17:55, 9 April 2006 (UTC)Reply

I found a nice simple one here http://www.sandboxie.com/—Preceding unsigned comment added by 88.111.68.156 (talk • contribs) 08:32, 2 September 2006 (UTC)Reply

If you are looking for a good, objective review of various products, I would suggest that you consult:

http://www.pcworld.com/businesscenter/article/151706-1/sandbox_security_versus_the_evil_web.html

You may also wish to add in an interesting Info World article that discusses and summarizes Roger Grimes' documented problems with the sandbox theory - http://www.infoworld.com/article/08/06/09/24TC-sandbox-security-fs_1.html Driver Eight77 (talk) 16:12, 2 April 2009 (UTC)Reply

Paragraph about exceptions

Latest comment: 10 years ago3 comments3 people in discussion

Rule-based Execution gives users full control over what processes are started, spawned (by other applications), or allowed to inject code into other apps and have access to the net. It also can control file/registry security (What programs can read and write to the file system/registry) As such, viruses and trojans will have a less likely chance of infecting your PC. The SELinux and Apparmor security frameworks are two such implementations for Linux.

This paragraph is rather hard to understand for people who are not skilled in IT. It is also not obvious why this should be an example for a sandbox. Can somebody clarify that please?

--84.56.144.99 (talk) 13:36, 5 September 2011 (UTC)Reply

If this article is limited to information that can be understood by IT newbies it would be of little use. The topic is inherently complicated. — Preceding unsigned comment added by 124.171.20.238 (talk) 21:39, 9 December 2011 (UTC)Reply

There are some very informative articles on Wikipedia about other highly technical subjects. If you already know the subject, then you don't need to be reading Wikipedia about it. Wikipedia is specifically FOR newbies to topics which people are unfamiliar with. If it wasn't then there wouldn't be any reason to have Wikipedia in the first place. QuintBy (talk) 02:14, 4 August 2013 (UTC)Reply

References

Latest comment: 10 years ago1 comment1 person in discussion

What do you think about include references to "Unix chroot"? Valerio Bozzolan (talk) 16:47, 26 January 2014 (UTC)Reply

Difference between a "sandbox" and a "container"

Latest comment: 9 years ago2 comments2 people in discussion

AFAIK, a sandbox is always for one single application, while a container is for multiple applications. Any other input? User:ScotXW^t@lk 22:04, 27 June 2014 (UTC)Reply

Well, they're similar yet different... "Sandbox" comes from the "old shool" days and it's pretty much associated with chrooting a process, for example. On the other hand, "container" is a newer term, usually associated with operating system–level virtualization. Setups created as sandboxes usually aren't meant to be moved between different hosts, while containers are pretty much made to be easily moved around.

Also, I wouldn't say that sandbox is for one application while a container is for multiple applications. You usually want one application per sandbox or container, as isolating one application is the key; however, nothing puts such restrictions. Though, it also depends what's taken as a single application; for example, a LAMP stack can be treated as one or as many applications. — Dsimic (talk | contribs) 07:53, 2 July 2014 (UTC)Reply

One external link which could be used as a source

Latest comment: 9 years ago1 comment1 person in discussion

http://www.chromium.org/developers/design-documents/sandbox and its subpages, especially the FAQ. --Jerome Potts (talk) 20:33, 29 January 2015 (UTC)Reply

Other technologies to mention

Latest comment: 8 years ago1 comment1 person in discussion

There are a couple of technologies similar to seccomp. An example is capsicum on FreeBSD and pledge on OpenBSD. CloudABI appears to be a similar system. Maybe someone with more insight can add them to the article?--Athaba (talk) 14:09, 10 January 2016 (UTC)Reply

Defenition

Latest comment: 4 years ago1 comment1 person in discussion

What exactly sandbox meaning? and where it come from?At Last ... (talk) 12:56, 12 October 2019 (UTC)Reply

Storage is the correct terminology, not disc.

Latest comment: 4 years ago1 comment1 person in discussion

I revised the third sentence in the first paragraph to "A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space."

The original sentence referred to disc rather than storage, but disc is only one of many types of storage, all of which apply in the statement. That is, neither the type of memory nor the type of storage is relevant - whatever their type, a sandbox typically creates isolated (scratch) memory and storage space for the subject process to utilize.

Also my sense is in general "scratch" memory or storage space can be either isolated or not, depending upon how it's implemented. If so it can, and I suspect often has, been configured to allow access by multiple processes or entire systems with limited or no functional isolation. So perhaps "separate and fully isolated" is more accurate terminology than "scratch" for that sentence as well, such as, including other refinements:

"A sandbox typically provides a tightly controlled set of resources for a guest process to run within, such as separate and fully isolated storage and memory space."

Nonetheless I didn't implement that revision yet, but do support it. So if there are no objections I might study the term "Scratch" and if my current sense is reasonably confirmed invoke the revision later. Or another Wikipedian is welcome to do so as far as I'm concerned.

Please advise if I've erred, composed poorly, or caused any discomfort. Cheers, --H Bruce Campbell (talk) 09:35, 15 January 2020 (UTC).Reply

Added Android as an example of sandbox implementations

Latest comment: 3 years ago1 comment1 person in discussion

I noticed that Android's app sandboxes aren't listed as example, which seems like a pretty large hole since I think they were the first implementation of extensive app sandboxes in a commercial OS (and arguably set the standard for what is now expected security on mobile operating systems).

I am however clearly not unbiased on this, since I work on Android. Just want to make sure others agree this is a reasonable addition. --Dianne Hackborn (talk) 17:04, 2 April 2021 (UTC)Reply

Logic Pro X is Apple the best?

Latest comment: 3 years ago1 comment1 person in discussion

<What programs are better, software, and equipment?> // — Preceding unsigned comment added by 96.227.99.193 (talk) 05:44, 21 May 2020 (UTC)Reply