Yesterday, the team at Google open-sourced Sandboxed API, a tool that Google has been using internally for its data centers for years. It is a project for sandboxing C and C++ libraries running on Linux systems. Google has made the Sandboxed API available on GitHub.
Sandboxed API helps coders to automate the process of porting their existing C and C++ code in order to run on top of Sandbox2, which is Google's custom-made sandbox environment for Linux operating systems. Sandbox2 has also been open-sourced and is included with Sandboxed API GitHub repository.
Christian Blichmann & Robert Swiecki, from Google's ISE Sandboxing team, said, "Many popular software containment tools might not sufficiently isolate the rest of the OS, and those which do, might require time-consuming redefinition of security boundaries for each and every project that should be sandboxed."
The idea behind introducing sandboxing
The idea behind sandboxing is to prevent bugs from spreading from one process to another, or the underlying operating system and the kernel.
Many software projects process data that are externally generated and potentially could be untrusted. For instance, the conversion of user-provided picture files into different formats or executing user-generated software code.
In case, a software library that parses such data is complex, then there is a high possibility that it might fall victim to certain types of security vulnerabilities such as memory corruption bugs or other problems related to the parsing logic. These vulnerabilities can have a serious impact on security.
In order to overcome these challenges, developers prefer software isolation method known as sandboxing. With the help of sandboxing methods, developers make sure that only resources such as files, networking connections, and other operating system resources are accessible to the code involved in parsing user-generated content.
The team plans to have an added support more operating systems and plans to bring Sandboxed API to the Unix-like systems like the BSDs (FreeBSD, OpenBSD) and macOS. Google also aims to bring CMake support to the API.
To know more about this news in detail, check out Google’s blog post.
Google to be the founding member of CDF (Continuous Delivery Foundation)
Google announces the stable release of Android Jetpack Navigation
#GooglePayoutsForAll: A digital protest against Google’s $135 million execs payout for misconduct
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €18.99/month. Cancel anytime
Germany
Slovakia
Canada
Brazil
Singapore
Hungary
Philippines
Mexico
Thailand
Ukraine
Luxembourg
Estonia
Lithuania
Norway
Chile
United States
Great Britain
India
Spain
South Korea
Ecuador
Colombia
Taiwan
Switzerland
Indonesia
Cyprus
Denmark
Finland
Poland
Malta
Czechia
New Zealand
Austria
Turkey
France
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Malaysia
South Africa
Netherlands
Bulgaria
Latvia
Australia
Japan
Russia
