from Wikipedia, the free encyclopedia

Sandbox is the English term for a sandbox or sandpit and generally referred to an isolated area within which any action has no effect on the external environment.

Test area in computer science

When testing software, care must be taken that the system on which the test is being carried out is not changed, disrupted or damaged in any way by this software. This is not a trivial matter for software that has to be installed to run. In Windows operating systems , for example, changes are usually made in the central registry during an installation , which in particular can cause conflicts with other versions of this software.

The sandbox now stands for special features of the runtime environment of a software or the local working copy of a software module stored in a version control system (see e.g. Concurrent Versions System ). The software is shielded from the rest of the system, as it were put in the sandbox, in which, on the one hand, it cannot cause any damage and, on the other hand, the effects of the software can be recorded. There are techniques of varying depth that involve bending a file system and, again in the case of Microsoft Windows, the registry such as B. with Sandboxie , up to the (complete) simulation of a complete computer such as VMware , Bochs or FAUmachine .

One area of ​​application is the use of the DNS server program BIND under Unix. The process of the program is started in a virtual runtime environment, a so-called jail (English: prison), in order to make it more difficult for potential attackers to leave the prison in the event of successful attacks on this software and thus to reach the actual operating system environment.

Another application is the software installation of the Linux distribution Gentoo or the installation of your own Linux system (e.g. according to the LFS instructions). Since the software installation is prone to errors and a partial installation damages the whole system, the installation is first carried out in a sandbox, and the changes are only transferred to the system if it is successful.

The delimitation of potentially unsafe program parts is used daily in today's web browsers , so Chromium-based browsers for individual websites and plugins each work in independent sandbox processes, which increases stability and makes it much more difficult to control the user system for a browser exploit can.

See also

Web links