sandboxed-api/sandboxed_api/sandbox2
Christian Blichmann 33206c5d3f Use a longer string in the CRC4 buffer overflow example.
On some newer compiler versions, compiler optimizations and loop unrolling
change the memory layout so that 64 bytes are not enough to overwrite the
return address reliably.

PiperOrigin-RevId: 240343358
Change-Id: Ifb1a1dc1cb482793b7387887f0fd68a237879227
2019-03-26 07:28:15 -07:00
..
docs Fix user namespaces link in howitoworks.md 2019-03-18 21:22:53 +01:00
examples Use a longer string in the CRC4 buffer overflow example. 2019-03-26 07:28:15 -07:00
testcases Test that isatty is being allowed by AllowTCGETS. 2019-03-20 04:11:21 -07:00
unwind Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
util Improve internal<->external code transforms #2 2019-03-19 10:38:52 -07:00
bpfdisassembler.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
bpfdisassembler.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
buffer_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
buffer.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
buffer.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
BUILD.bazel Rename deathrattle_fatalmsg proto 2019-03-20 05:19:55 -07:00
client.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
client.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
comms_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
comms_test.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
comms.cc Formatting fixes. 2019-03-19 03:41:32 -07:00
comms.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
executor.cc Improve internal<->external code transforms 2019-03-19 05:51:53 -07:00
executor.h Formatting fixes. 2019-03-19 03:41:32 -07:00
forkingclient.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
forkingclient.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
forkserver_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
forkserver.cc Add missing chdir() in the init process 2019-03-20 10:36:11 -07:00
forkserver.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
forkserver.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
global_forkclient.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
global_forkclient.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
ipc_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
ipc.cc Formatting fixes. 2019-03-19 03:41:32 -07:00
ipc.h Formatting fixes. 2019-03-19 03:41:32 -07:00
limits_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
limits.h Formatting fixes. 2019-03-19 03:41:32 -07:00
logserver.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logserver.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logserver.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logsink.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
logsink.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
monitor.cc Formatting fixes. 2019-03-19 03:41:32 -07:00
monitor.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
mounts_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
mounts.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
mounts.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
mounttree.proto Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
namespace_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
namespace.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
namespace.h Rename deathrattle_fatalmsg proto 2019-03-20 05:19:55 -07:00
network_proxy_client.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
network_proxy_client.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
network_proxy_server.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
network_proxy_server.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
notify_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
notify.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
policy_test.cc Test that isatty is being allowed by AllowTCGETS. 2019-03-20 04:11:21 -07:00
policy.cc Improve internal<->external code transforms 2019-03-19 05:51:53 -07:00
policy.h Rename deathrattle_fatalmsg proto 2019-03-20 05:19:55 -07:00
policybuilder_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
policybuilder.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
policybuilder.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
README.md Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
regs.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
regs.h Rename deathrattle_fatalmsg proto 2019-03-20 05:19:55 -07:00
result.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
result.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
sandbox2_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
sandbox2.cc Formatting fixes. 2019-03-19 03:41:32 -07:00
sandbox2.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
sanitizer_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
sanitizer.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
sanitizer.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
stack-trace_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
stack-trace.cc Improve internal<->external code transforms 2019-03-19 05:51:53 -07:00
stack-trace.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
syscall_defs.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
syscall_defs.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
syscall_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
syscall.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
syscall.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
testing.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
testing.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
util_test.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
util.cc Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
util.h Sandboxed API OSS release. 2019-03-18 19:00:48 +01:00
violation.proto Disable "mini" debug format support in libunwind to avoid additional library dependency 2019-03-20 08:03:08 -07:00

Sandbox2

Sandbox2 is a C++ security sandbox for Linux which can be used to run untrusted programs or portions of programs in confined environments. The idea is that the runtime environment is so restricted that security bugs such as buffer overflows in the protected region cause no harm.

Who is it for?

Sandbox2 is aimed to sandbox C/C++ code or whole binaries in production.

See the sandboxing options overview page to make sure this is the type of sandboxing you are looking for.

How does it work?

Read our How it works page to learn everything about this technology.