What is sandboxing?

Hi,

Can someone explain to me what a sandbox is? I’ve read a little about it, mostly in posts, but still don’t understand. What is it? Why use it? Pros and cons, if any?

Thanks,
kel

Here’s Apple’s explanation to application developers: http://developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html.

Nigel’s post is clear enough, but links to Apple’s Developer Documentation are known to break soon, so here is a short answer.

In short: Sandboxing’s purpose is running an application in quarantine to add extra security. Its pros are also its cons: adding more security also means restricting the freedom/accessibility of the developer. There are applications that can run perfectly in a sandbox, but there will always be applications that can’t.

There are two types of software running in an operating system: system-level and user-level. System software is normally run as root, with no restrictions at all; it is mainly not controlled by a user and mostly provides services to the system (like FTP, HTTP, MySQL, Spotlight, VPN). This kind of software will normally not be used for sandboxing.

User-level software is another kind of software; its purpose is to be controlled by the user, like iTunes, Safari or Calendar. Those are good pieces of software, but they’re not written entirely on their own. iTunes uses QuickTime, Safari uses WebKit and Calendar uses the Calendar framework. This is also no problem at all; the security leak is that all those applications can use all system, local and user frameworks/libraries and other resources in the same user environment even when they don’t need to. Sandboxing restricts this access.

An example: I can understand that you can’t picture any security holes (yet), but with an example it’s maybe clearer. The WebKit framework is not controlled by Apple, but standard applications like Calendar and Safari use it. A security hole in the WebKit framework combined with Safari can give full access to the system by writing an internet plugin. This means that it can access everything that is allowed for the process (the user it is running as). When Safari is run by an administrator, or worse by the system administrator (Safari will be launched as root), it can gain access to resources you don’t want it to. When you put such an application in sandbox mode (read: quarantine) and you specifically tell the system that it can only use the required resources, like WebKit and a restricted user space, then you largely decrease the accessibility of the malicious plugin. So if Safari were hacked using an internet plugin, it couldn’t do much harm.

The pro is also its con, which means not every application is suitable for sandboxing, but most of them are.
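The "only the required resources" idea above, shown as an App Sandbox entitlements file. This is an illustration added here, not part of the original post: a browser-like app that only needs outgoing network access and user-chosen files declares exactly that, so anything running inside it (a compromised plugin included) inherits the same limits. The keys are Apple's documented entitlement keys; which ones to enable is this example's assumption.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Opt the process into App Sandbox. Without this key the app runs
         with the full rights of the logged-in user (the "no restrictions"
         case described above). -->
    <key>com.apple.security.app-sandbox</key>
    <true/>

    <!-- The one extra resource this app needs: outgoing connections. -->
    <key>com.apple.security.network.client</key>
    <true/>

    <!-- Files are only readable after the user picks them in an Open panel;
         the sandbox extends access to that file alone. -->
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>

    <!-- Everything not listed stays denied: no inbound sockets, no camera
         or microphone, no arbitrary file-system paths. Keys deliberately
         left out because each would widen the sandbox:
           com.apple.security.network.server
           com.apple.security.files.downloads.read-write
           com.apple.security.temporary-exception.files.absolute-path.read-write -->
</dict>
</plist>
```

After signing the app with this file, a quick check that the sandbox is active is `codesign -d --entitlements - /path/to/App.app`, which prints the entitlements actually embedded in the binary.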