Sue Blake wrote:
>
> Nobody seems to be confident about the answer to my post to -questions.
> Below is the only public answer. It is typical of many private answers
> I received from otherwise knowledgeable people willing to make a
> partial educated guess but not willing to expose their ignorance
> publicly. They're all keen to know whatever I can find out :-)

The usual use of the term "sandbox" means "restricted environment". A chroot(3) can be used to build this, and jail(3) is a stronger version, although this is not a usual use for the term.

The term is popular in Java where it implies that the (possibly hostile) applet _cannot_ do anything dangerous, because the environment it runs in has no API that allows this (like the applet cannot open arb files).

The term "sandbox" in inetd.conf refers to a "su - <safe_user>; chroot <safe_dir>; <app>" environment (I think) so that <app> cannot do any damage even if compromised.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
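
The restricted environment sketched in the reply above, as an added C example that is not part of the original message and is not inetd's own code: it enters the chroot first, because chroot(2) requires root, and only then drops to the unprivileged user. The function name enter_sandbox, the directory /var/sandbox and the id 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE 1 /* glibc: expose chroot() and setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* chroot into safe_dir, then become safe_uid/safe_gid; 0 or -1 with errno. */
int enter_sandbox(const char *safe_dir, uid_t safe_uid, gid_t safe_gid)
{
    /* "Dropping" to root would confine nothing, so refuse it. */
    if (safe_dir == NULL || safe_uid == 0 || safe_gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* chroot(2) needs root, so it has to precede the uid change. */
    if (chroot(safe_dir) != 0)
        return -1;
    /* Move inside the new root; otherwise the old cwd stays reachable. */
    if (chdir("/") != 0)
        return -1;
    /* Supplementary groups first, then gid, then uid: once the uid is
     * gone the process may no longer change its groups. */
    if (setgroups(1, &safe_gid) != 0 || setgid(safe_gid) != 0 ||
        setuid(safe_uid) != 0)
        return -1;
    /* Confirm the drop cannot be undone. */
    if (setuid(0) == 0 || getuid() != safe_uid || geteuid() != safe_uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <app> [args...]\n", argv[0]);
        return 2;
    }
    /* Constructed values: the directory and id 65534 are assumptions. */
    if (enter_sandbox("/var/sandbox", 65534, 65534) != 0) {
        perror("enter_sandbox");
        return 1;
    }
    execv(argv[1], &argv[1]); /* <app> now runs confined */
    perror("execv");
    return 1;
}
```

The <app> path is resolved inside the new root, so the binary and every file it needs must already exist under the sandbox directory.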