Talk:Sandbox (computer security)

From Wikipedia, the free encyclopedia

(no header)

Sandbox is a box or an area of computer memory that some security tools, such as antivirus software, use to run, with the administrator's authorization, unknown programs or ones that have just been downloaded from the internet, thus preventing corruption or the installation of malicious programs. — Preceding unsigned comment added by 177.76.83.175 (talk) 07:16, 11 September 2011 (UTC)

Xxx 83.123.235.65 (talk) 20:35, 1 February 2024 (UTC)
83.123.235.65 (talk) 20:39, 1 February 2024 (UTC)

Where is sandbox???????—Preceding unsigned comment added by 82.2.175.188 (talk | contribs) 18:14, 11 October 2005 (UTC)

Do you mean the Wiki sandbox? It's here: Wikipedia:Sandbox—Preceding unsigned comment added by 84.163.51.139 (talk | contribs) 22:15, 1 November 2005 (UTC)

Links to a few software sandboxes and maybe a few reviews wouldn't have been a bad idea.—Preceding unsigned comment added by 213.100.129.221 (talk | contribs) 17:55, 9 April 2006 (UTC)

I found a nice simple one here http://www.sandboxie.com/—Preceding unsigned comment added by 88.111.68.156 (talk | contribs) 08:32, 2 September 2006 (UTC)
If you are looking for a good, objective review of various products, I would suggest that you consult:
http://www.pcworld.com/businesscenter/article/151706-1/sandbox_security_versus_the_evil_web.html
You may also wish to add in an interesting Info World article that discusses and summarizes Roger Grimes' documented problems with the sandbox theory - http://www.infoworld.com/article/08/06/09/24TC-sandbox-security-fs_1.html Driver Eight77 (talk) 16:12, 2 April 2009 (UTC)

Paragraph about exceptions

Rule-based Execution gives users full control over what processes are started, spawned (by other applications), or allowed to inject code into other apps and have access to the net. It also can control file/registry security (What programs can read and write to the file system/registry). As such, viruses and trojans will have a less likely chance of infecting your PC. The SELinux and AppArmor security frameworks are two such implementations for Linux.

This paragraph is rather hard to understand for people who are not skilled in IT. It is also not obvious why this should be an example for a sandbox. Can somebody clarify that please?

--84.56.144.99 (talk) 13:36, 5 September 2011 (UTC)

If this article is limited to information that can be understood by IT newbies it would be of little use. The topic is inherently complicated. — Preceding unsigned comment added by 124.171.20.238 (talk) 21:39, 9 December 2011 (UTC)

There are some very informative articles on Wikipedia about other highly technical subjects. If you already know the subject, then you don't need to be reading Wikipedia about it. Wikipedia is specifically FOR newbies to topics which people are unfamiliar with. If it wasn't then there wouldn't be any reason to have Wikipedia in the first place. QuintBy (talk) 02:14, 4 August 2013 (UTC)

References

What do you think about including references to "Unix chroot"? Valerio Bozzolan (talk) 16:47, 26 January 2014 (UTC)

Difference between a "sandbox" and a "container"

AFAIK, a sandbox is always for one single application, while a container is for multiple applications. Any other input? User:ScotXWt@lk 22:04, 27 June 2014 (UTC)

Well, they're similar yet different... "Sandbox" comes from the "old school" days and it's pretty much associated with chrooting a process, for example. On the other hand, "container" is a newer term, usually associated with operating system–level virtualization. Setups created as sandboxes usually aren't meant to be moved between different hosts, while containers are pretty much made to be easily moved around.
Also, I wouldn't say that sandbox is for one application while a container is for multiple applications. You usually want one application per sandbox or container, as isolating one application is the key; however, nothing puts such restrictions. Though, it also depends what's taken as a single application; for example, a LAMP stack can be treated as one or as many applications. — Dsimic (talk | contribs) 07:53, 2 July 2014 (UTC)

One external link which could be used as a source

http://www.chromium.org/developers/design-documents/sandbox and its subpages, especially the FAQ. --Jerome Potts (talk) 20:33, 29 January 2015 (UTC)

Other technologies to mention

There are a couple of technologies similar to seccomp. An example is capsicum on FreeBSD and pledge on OpenBSD. CloudABI appears to be a similar system. Maybe someone with more insight can add them to the article?--Athaba (talk) 14:09, 10 January 2016 (UTC)

Definition

What exactly does sandbox mean? And where does it come from? At Last ... (talk) 12:56, 12 October 2019 (UTC)

Storage is the correct terminology, not disc.

I revised the third sentence in the first paragraph to "A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space."

The original sentence referred to disc rather than storage, but disc is only one of many types of storage, all of which apply in the statement. That is, neither the type of memory nor the type of storage is relevant - whatever their type, a sandbox typically creates isolated (scratch) memory and storage space for the subject process to utilize.

Also my sense is in general "scratch" memory or storage space can be either isolated or not, depending upon how it's implemented. If so it can, and I suspect often has, been configured to allow access by multiple processes or entire systems with limited or no functional isolation. So perhaps "separate and fully isolated" is more accurate terminology than "scratch" for that sentence as well, such as, including other refinements:

"A sandbox typically provides a tightly controlled set of resources for a guest process to run within, such as separate and fully isolated storage and memory space."

Nonetheless I didn't implement that revision yet, but do support it. So if there are no objections I might study the term "Scratch" and if my current sense is reasonably confirmed invoke the revision later. Or another Wikipedian is welcome to do so as far as I'm concerned.

Please advise if I've erred, composed poorly, or caused any discomfort. Cheers, --H Bruce Campbell (talk) 09:35, 15 January 2020 (UTC).

Added Android as an example of sandbox implementations

I noticed that Android's app sandboxes aren't listed as an example, which seems like a pretty large hole since I think they were the first implementation of extensive app sandboxes in a commercial OS (and arguably set the standard for what is now expected security on mobile operating systems).

I am however clearly not unbiased on this, since I work on Android. Just want to make sure others agree this is a reasonable addition. --Dianne Hackborn (talk) 17:04, 2 April 2021 (UTC)

Logic Pro X is Apple the best?

<What programs are better, software, and equipment?> // — Preceding unsigned comment added by 96.227.99.193 (talk) 05:44, 21 May 2020 (UTC)