-
Notifications
You must be signed in to change notification settings - Fork 9
Sandboxing Strategies
On sandboxing in general: http://www.chromium.org/developers/design-documents/sandbox
Integrity levels for Vista and later. http://msdn.microsoft.com/en-us/library/bb625964.aspx http://msdn.microsoft.com/en-us/library/bb625957.aspx
Proper sandboxing through restricted token. http://msdn.microsoft.com/en-us/library/windows/desktop/aa379316(v=vs.85).aspx
Enforce networking through windows firewall, this may conflict with other firewall systems.
strings `otool -L /usr/bin/sandbox-exec | head -n 2 | tail -n 1 | cut -d ' ' -f1 `
Default sandbox profile for AppSandbox:
/System/Library//Sandbox/Profiles/application.sb
-
AppArmor
-
SELinux
-
grsec
-
SMACK https://en.wikipedia.org/wiki/Simplified_Mandatory_Access_Control_KernelSmack http://lwn.net/Articles/243921/
http://www.freebsd.org/doc/handbook/mac.html
-
capsicum (freebsd)
-
ugidfw http://www.freebsd.org/doc/handbook/mac-bsdextended.html
-
Port ACL http://www.freebsd.org/doc/handbook/mac-portacl.html