Questions tagged [sandbox]
A sandbox is a security mechanism for containing and restricting untrusted programs. Such programs could contain malicious code, which would otherwise harm the user's system.
214 questions
6 votes
3 answers
1k views
Keyboard isolation in Android
I'm currently running GrapheneOS on a Pixel 6a, and I have installed several alternative keyboards from F-Droid and the Play Store. How isolated are keyboards in Android? When I enable a keyboard in ...
- 975
1 vote
1 answer
88 views
What to consider when routing priviledged ports to sandboxed services? net.ipv4.conf.eth0.route_localnet=1 vs CAP_NET_BIND_SERVICE
The use case is: running isolated services, either as a hardened systemd unit file -- with close to a zero score on systemd-analyze security, or a linux container. Both of those will place services ...
- 355
2 votes
1 answer
390 views
Can I use SELinux to add an extra layer of protection against 0-day VM escape exploits in KVM/QEMU?
My host is Fedora, and I want to add an extra layer of protection against 0day KVM/QEMU exploits that execute code on the host. For example there have been CVEs where if we run a specially crafted ...
- 410
1 vote
1 answer
188 views
Existence of sandbox to protect programs from a hostile host
As I understand it, a sandbox is an isolated environment on a machine, used to protect the host from the programs in the sandbox. Is there something similar but in reverse, for running important ...
- 11
0 votes
2 answers
346 views
Why don't we sandbox email clients company-wide?
Following on to questions like Sandbox for attachment accessment and How do I safely inspect a suspicious email attachment?. Why don't we sandbox email clients company-wide? I must be missing ...
- 190
0 votes
0 answers
179 views
Apparmor profile for executing untrusted binaries for online judge
I am writing an online judge so I need to sandbox execution of untrusted binaries for judging and for that, I am using apparmor. Here's my current simple profile: #include <tunables/global> ...
1 vote
0 answers
154 views
The simplest measures to run short code snippets securely on AWS Lambda
I would like to use AWS Lambda to run solutions to programming problems for an online courses website. So far, I use simple eval in my lambda function. However, many posts (e.g. this and this) suggest ...
- 111
1 vote
0 answers
296 views
Is using a singularity sandbox an effective way to increase security through isolation / compartmentalization?
I am using singularity sandboxes in my workflow for several reasons unrelated to security. However, after using it a bit, I am now wondering: is using a singularity sandbox an effective way to ...
- 339