Google today open-sourced a project for sandboxing C and C++ libraries running on Linux systems. The project is named the Sandboxed API, a tool that Google has been using internally for its data centers for years.
The Sandboxed API is now available on GitHub, together with the documentation needed to help other programmers sandbox their C and C++ libraries and protect them from malicious user input and exploits.
For ZDNet users unfamiliar with the term, “sandboxing” refers to running an app or source code inside a “sandbox.”
In software design, a “sandbox” is a security mechanism that works by isolating a process inside a tightly controlled area of the operating system, which gives that process access to limited disk and memory resources.
The idea behind sandboxing and sandboxes is to prevent bugs and exploit code from spreading from one process to another, or to the underlying operating system and the kernel.
The Sandboxed API is a library that helps coders automate the process of porting their existing C and C++ code to run on top of Sandbox2, which is Google’s custom-made sandbox environment for Linux operating systems.
Sandbox2 has also been open-sourced and included with the main Sandboxed API GitHub repository.
Submitted by: Arnfried Walbrecht