Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Google Open-sources Sandboxed API, a tool that helps in automating the process of porting existing C and C++ code

Save for later
  • 2 min read
  • 19 Mar 2019

article-image
Yesterday, the team at Google open-sourced Sandboxed API, a tool that Google has been using internally for its data centers for years. It is a project for sandboxing C and C++ libraries running on Linux systems. Google has made the Sandboxed API available on GitHub.

Sandboxed API helps coders to automate the process of porting their existing C and C++ code in order to run on top of Sandbox2, which is Google's custom-made sandbox environment for Linux operating systems. Sandbox2 has also been open-sourced and is included with Sandboxed API GitHub repository.

Christian Blichmann & Robert Swiecki, from Google's ISE Sandboxing team, said, "Many popular software containment tools might not sufficiently isolate the rest of the OS, and those which do, might require time-consuming redefinition of security boundaries for each and every project that should be sandboxed."

The idea behind introducing sandboxing


The idea behind sandboxing is to prevent bugs from spreading from one process to another, or the underlying operating system and the kernel.

Many software projects process data that are externally generated and potentially could be untrusted. For instance, the conversion of user-provided picture files into different formats or executing user-generated software code.

In case, a software library that parses such data is complex, then there is a high possibility that it might fall victim to certain types of security vulnerabilities such as memory corruption bugs or other problems related to the parsing logic. These vulnerabilities can have a serious impact on security.

In order to overcome these challenges, developers prefer software isolation method known as sandboxing. With the help of sandboxing methods, developers make sure that only resources such as files, networking connections, and other operating system resources are accessible to the code involved in parsing user-generated content.

The team plans to have an added support more operating systems and plans to bring Sandboxed API to the Unix-like systems like the BSDs (FreeBSD, OpenBSD) and macOS. Google also aims to bring CMake support to the API.

To know more about this news in detail, check out Google’s blog post.

Google to be the founding member of CDF (Continuous Delivery Foundation)

Google announces the stable release of Android Jetpack Navigation

#GooglePayoutsForAll: A digital protest against Google’s $135 million execs payout for misconduct

Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at £16.99/month. Cancel anytime