comp.lang.ada
From: Maciej Sobczak <see.my.homepage@gmail.com>
Subject: Re: Arbitrary Sandbox
Date: Sat, 11 Feb 2012 02:32:45 -0800 (PST)
Message-ID: <702c5d55-ff96-486c-bff9-93aa273f6217@i18g2000yqf.googlegroups.com>
In-Reply-To: b413fd6c-dc65-4b85-8126-6d9704c2e3c5@qt7g2000pbc.googlegroups.com

On 10 Feb, 05:41, Rob Shea <zzyca...@gmail.com> wrote:

> >    Could you be more specific?  That sounds like a computer running
> > Windows, alone in a dedicated room, with no connections to the outside.
>
> Well, virtually speaking, that is exactly what I want... literally
> speaking it's a Windows system, networked, with removable disks, that
> needs to run untrusted code processing untrusted data.

> In other words, a very simple and restrictive, operating system level
> virtualization tool for Windows, that can be initiated by unprivileged
> users.

Then I don't understand why you got stuck at the level of language
choices. Neither .NET nor Ada will provide you this level of isolation
- both can initiate malicious network connections and both can read
and write files, for example.

I think that you should take a look at virtualization solutions like
VMware. This allows you to create an operating system within an operating
system, which is great for experimentation as well as for creating
security sandboxes. In essence, such a sandbox is like a separate
machine, but does not require separate hardware.
What is most important, you can really run *arbitrary applications* on
such a sandboxed system (just as you have described in your initial
post), no matter what language they are written in. Note that if you
choose .NET as your "virtualization solution", then you will *not* be
able to run any application that is not .NET-based. Similarly, if you
pick Python, you will only be able to run Python applications on it.
Same for Java [*].
That does not count as "I can run arbitrary applications on it" for
me.

[*] Yes, I know that there are many .NET-based languages, and there
are many languages based on the JVM. Still, that does not count as "I
can run arbitrary applications on it".

The advantage of real virtual machines (of the VMware or Parallels,
etc. kind) is that you can do with them things that you would never
find the courage to do with your physical machine. This is really a
great tool for creating experimental, testing or security sandboxes
and I'd recommend that you take a look at them.

--
Maciej Sobczak * http://www.msobczak.com * http://www.inspirel.com


