From: Mark Murray
To: Sue Blake
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-doc@FreeBSD.ORG
Subject: Re: sandbox??
Date: Sun, 25 Jul 1999 20:35:20 +0200
Message-Id: <199907251835.UAA63806@gratis.grondar.za>

Sue Blake wrote:
>
> Nobody seems to be confident about the answer to my post to -questions.
> Below is the only public answer. It is typical of many private answers
> I received from otherwise knowledgeable people willing to make a
> partial educated guess but not willing to expose their ignorance
> publicly. They're all keen to know whatever I can find out :-)

The usual use of the term "sandbox" means "restricted environment".
A chroot(3) can be used to build this, and jail(3) is a stronger
version, although this is not a usual use for the term.

The term is popular in Java where it implies that the (possibly
hostile) applet _cannot_ do anything dangerous, because the environment
it runs in has no API that allows this (like the applet cannot open
arb files).

The term "sandbox" in inetd.conf refers to a "su - ; chroot ; "
environment (I think) so that cannot do any damage even if compromised.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
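
Added example, not part of the original message: a C sketch of the "switch user, then chroot" style of restricted environment the reply describes, showing the order in which the steps have to happen and a check that the privilege drop cannot be undone. The function name `enter_sandbox` and the command-line usage in `main` are hypothetical, chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose chroot()/setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `dir` and switch to an unprivileged
 * uid/gid. Returns 0 on success, -1 on the first failure (errno set).
 * Needs root to succeed, because chroot(2) is a privileged call. */
int enter_sandbox(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {      /* "dropping" to root is no drop */
        errno = EINVAL;
        return -1;
    }
    /* chdir first, then chroot("."): no working directory is left
     * pointing outside the new root. */
    if (chdir(dir) != 0 || chroot(".") != 0)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid is given up the process may no longer change the others. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The drop must be permanent: regaining root has to fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Hypothetical usage: ./sandbox dir uid gid program [args...] */
    if (argc < 5) {
        fprintf(stderr, "usage: %s dir uid gid program [args...]\n", argv[0]);
        return 2;
    }
    /* atoi() yields 0 for non-numeric input, which enter_sandbox rejects. */
    if (enter_sandbox(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        perror("enter_sandbox");
        return 1;
    }
    execv(argv[4], &argv[4]);   /* path is resolved inside the new root */
    perror("execv");
    return 1;
}
```

A chroot on its own does not confine a process that stays root, which is why the uid change is part of the same routine rather than an optional extra.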