什么是沙盒? [英] What is sandboxing?

问题描述

我已阅读是一个低而宽的容器或浅洼地，里面装满了沙子孩子们可以玩.许多有孩子的房主在他们的后院建造沙坑，因为与许多游乐场设备不同，它们可以轻松且廉价地建造.沙坑"也可以表示露天砂矿.

嗯，软件沙箱与专为儿童玩的沙箱没有什么不同.通过为孩子提供一个沙箱，我们模拟了真实游戏场的环境(换句话说，一个隔离环境)，但对孩子可以做的事情有限制.因为我们不希望孩子被感染，也不希望他给别人带来麻烦.:) 到底是什么原因，我们只是想限制孩子可以做的安全原因.

现在来到我们的软件沙箱，我们让任何软件(子)执行(播放)，但对其(他)可以做什么有一些限制.我们可以感到安全&确保正在执行的软件可以做什么.

你已经看到 &用过杀毒软件.正确的?它也是一种沙盒.它限制了任何程序可以做什么.当检测到恶意活动时，它会停止并通知用户此应用程序正在尝试访问某某资源.是否允许?".

下载名为 sandboxie 的程序，您可以亲身体验沙盒.使用此程序，您可以在受控环境中运行任何程序.

红色箭头表示从正在运行的程序流入您的计算机的更改.标有硬盘(无沙箱)的框显示正常运行的程序所做的更改.标有硬盘(带沙箱)的框显示在 Sandboxie 下运行的程序所做的更改.动画说明 Sandboxie 能够拦截更改并将它们隔离在沙箱中，用黄色矩形表示.它还说明了将更改组合在一起可以轻松地一次删除所有更改.

现在从程序员的角度来看，沙盒正在限制应用程序允许使用的 API.在防病毒示例中，我们限制了系统调用(操作系统 API).

另一个例子是像topcoder这样的在线编码领域.您提交了一个代码(程序)，但它在服务器上运行.为了服务器的安全，他们应该限制程序API的访问级别.换句话说，他们需要创建一个沙箱并在其中运行您的程序.

如果您有合适的 sandox，您甚至可以运行受病毒感染的文件并停止该病毒的所有恶意活动，并亲眼看看它正在尝试做什么.事实上，这将是防病毒研究人员的第一步.

I have read the Wikipedia article, but I am not really sure what it means, and how similar it is to version control.

It would be helpful if somebody could explain in very simple terms what sandboxing is.

解决方案

A sandpit or sandbox is a low, wide container or shallow depression filled with sand in which children can play. Many homeowners with children build sandpits in their backyards because, unlike much playground equipment, they can be easily and cheaply constructed. A "sandpit" may also denote an open pit sand mine.

Well, A software sandbox is no different than a sandbox built for a child to play. By providing a sandbox to a child we simulate the environment of real play ground (in other words an isolated environment) but with restrictions on what a child can do. Because we don't want child to get infected or we don't want him to cause trouble to others. :) What so ever the reason is, we just want to put restrictions on what child can do for Security Reasons.

Now coming to our software sandbox, we let any software(child) to execute(play) but with some restrictions over what it (he) can do. We can feel safe & secure about what the executing software can do.

You've seen & used Antivirus software. Right? It is also a kind of sandbox. It puts restrictions on what any program can do. When a malicious activity is detected, it stops and informs user that "this application is trying to access so & so resources. Do want to allow?".

Download a program named sandboxie and you can get an hands on experience of a sandbox. Using this program you can run any program in controlled environment.

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Now from a programmer's point of view, sandbox is restricting the API that is allowed to the application. In the antivirus example, we are limiting the system call (operating system API).

Another example would be online coding arenas like topcoder. You submit a code (program) but it runs on the server. For the safety of the server, They should limit the level of access of API of the program. In other words, they need to create a sandbox and run your program inside it.

If you have a proper sandox you can even run a virus infected file and stop all the malicious activity of the virus and see for yourself what it is trying to do. In fact, this will be the first step of an Antivirus researcher.

这篇关于什么是沙盒?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！