From: Erich
Newsgroups: comp.lang.ada
Subject: Re: Arbitrary Sandbox
Date: Fri, 10 Feb 2012 03:45:15 -0800 (PST)
Organization: http://groups.google.com

On Feb 9, 11:47 pm, Rob Shea wrote:
> I've been handed a project, but I'm not a programmer, much less an Ada
> programmer. The idea is a Windows test station sandbox where arbitrary
> applications can be executed, but cannot make system changes or
> transmit data.

From your requirements I'd say you should care more about the host operating system than the language. Try NetBSD or a hardened Linux variant as a host OS and perhaps some virtualization technology on top of that.
Notice that you can use Wine on a Linux system to run most Windows programs. Even then it will be hard to make this really secure. You might want to consider some way to automatically reinstall the complete system on each reboot from a read-only device. There is already plenty of software for that, because it's used in every public computer lab and kiosk mode application.

Or do you want to write your own software PC emulator (without virtualization)? That would be secure and Ada could be appropriate for it (certainly more than C#), although most existing emulators are written in C/C++. In any case, expect a lot of work.

Third, if it's about running programs written in a particular, perhaps domain-specific, language at an acceptable speed, then you could implement this in a possibly JIT-compiled language that already allows for secure sandboxing. For example, implementations of Java, JavaScript, and Racket have such modes. However, in that case the security of the overall solution depends on the security of the 3rd-party application, of course, and these implementations are written in C/C++ and likely contain exploitable bugs.

In all three cases I'm afraid I'd have to agree with the other poster that it seems you're trying to reinvent the wheel.