是否有适用于 Windows 平台的轻量级、可编程的 Sandbox API? [英] Is there a lightweight, programmable Sandbox API for the Windows platform?
问题描述
为了在家里运行不受信任的代码,我使用了 VMWare 虚拟机.我想找到一个替代的轻量级沙箱 API 来运行不受信任的应用程序,而无需安装 VMWare 或任何其他类型的最终用户虚拟化工具.(我不希望它托管操作系统 - 我希望它运行不受信任的应用程序.
To run untrusted code at home I use a VMWare virtual machine. I want to find an alternate lightweight sandbox API for running untrusted applications, without the overhead of installing VMWare, or any other kind of end-user virtualization tool like that. ( I don't want it to host an OS - I want it to run untrusted apps).
理想情况下,沙箱应该是(或可以做成)透明的,因此在沙箱中运行的应用程序不会显示任何额外的 chrome 或功能.(他们不是在 Mac 上的 Parallels 中执行此操作吗)
Ideally the sandbox would be (or could be made) transparent so the app running in the sandbox doesn't display any extra chrome or features. (Don't they do this in Parallels on the Mac)
我的 Windows .NET 开发人员希望有一个 API,这样我就可以为它编写脚本而不是启动一个特殊的 GUI.
The Windows .NET developer side of me wishes for an API so instead of booting up a special GUI, I can script scenarios for it.
这就像 Google Chrome 网络浏览器如何包含自己的技术来沙箱从 Internet 运行的脚本以保护系统.Google 不需要将 VMWare 与他们的浏览器一起分发,但他们却为应用实现了沙盒安全.
It would be like how the Google Chrome web browser contains its own technology to sandbox scripts running from the Internet to protect the system. Google doesn't need to distribute VMWare with their browser and yet they achieve sandbox security for apps.
寻找像谷歌浏览器这样的轻量级产品,其中包含非常受限的文件/网络/用户界面访问、低权限等功能.而不是寻找运行/托管自己的操作系统.
Looking for something lightweight like Google Chrome contains with features like greatly restricted file/network/UI access, low privileges, etc. Not looking for running/hosting its own OS.
推荐答案
不,没有.
我的意思是,您可以使用不同的 Windows 帐户(具有您认为合适的任何权限),但是您需要确信不受信任的应用程序无法突破该帐户.但是您在使用 VMWare 时确实遇到了同样的问题(它过去曾出现过让您崩溃的错误).最好的办法是在虚拟机中运行.
I mean, you can use a different Windows account (with whatever permissions you consider appropriate), but then you need to be comfortable that the untrusted app can't break out of that. But you do have that same problem with VMWare (it has had bugs in the past that let you break out). Best thing to do is run in a Virtual Machine.
这篇关于是否有适用于 Windows 平台的轻量级、可编程的 Sandbox API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
