Skip to content

Sandboxing Strategies

hellais edited this page Jul 5, 2012 · 1 revision

On sandboxing in general: http://www.chromium.org/developers/design-documents/sandbox

Windows

Integrity levels for Vista and later. http://msdn.microsoft.com/en-us/library/bb625964.aspx http://msdn.microsoft.com/en-us/library/bb625957.aspx

Proper sandboxing through restricted token. http://msdn.microsoft.com/en-us/library/windows/desktop/aa379316(v=vs.85).aspx

Networking related

Enforce networking through windows firewall, this may conflict with other firewall systems.

OS X

 strings `otool -L /usr/bin/sandbox-exec | head -n 2 | tail -n 1 | cut -d ' ' -f1 `

Default sandbox profile for AppSandbox:

/System/Library//Sandbox/Profiles/application.sb

Linux

BSD

http://www.freebsd.org/doc/handbook/mac.html

Clone this wiki locally