Sandbox server

Discussion in 'C++' started by Adem24, Jul 5, 2008.

  1. Adem24

    Adem24 Guest

    How would one program a sandbox?

    Let's say the server and all clients have the same architecture,
    and environment (for example 32bit x86-Linux environment).
    The server shall offer sandbox services to clients.
    A remote client can get a sandbox (an empty directory space)
    on the server, upload his precompiled executable program,
    start it, and then disconnect. When the program finishes
    then the sandbox server sends a notification to the
    email adress of the client.
    Then the client can connect to the sandbox and
    pick up the result file.
    So, there is no need for manual login; everything should be
    done programmatically via an agreed upon protocol (API).

    The main problem here is security and safety.
    The client program shall not be able to access any
    other directories on the server except its own directory
    and the subdirectories it can create therein.
    And, the sandbox client shall be allowed to use only some
    predetermined services, ie. only those that were explicitly
    allowed him to use, for example a specific tcp port
    and a specific ip-adress. And disc space, memory,
    and the # of file handles the user can use shall be restricted too.
    These limits are mainly for protecting the server itself
    from possible bad code of the clients.

    Ie. the sandbox server shall execute the program of the
    client in a controlled manner by ensuring that the client program
    does no harm to the server and also that the client program
    does not get access to other areas and services of the system
    beyond the sandbox. And that the client does not use all the
    disc space, ram, file handles, CPU priority, network bandwidth etc.

    Performance is important. The client wants to run his number-crunching
    program on the server because it is a much faster machine.

    Is such a sandbox server feasable and if yes, what would one need
    for developing such a safe&secure sandbox server?
    Can this be realized in C/C++ or does one need also assembler programming,
    if yes then how much % of the code would be needed to be done in assembler?
    Adem24, Jul 5, 2008
    #1
    1. Advertising

  2. In article <g4ojj8$ua0$>, Adem24 <> wrote:

    >How would one program a sandbox?


    >Let's say the server and all clients have the same architecture,
    >and environment (for example 32bit x86-Linux environment).
    >The server shall offer sandbox services to clients.
    >A remote client can get a sandbox (an empty directory space)
    >on the server, upload his precompiled executable program,
    >start it, and then disconnect.


    >Is such a sandbox server feasable and if yes, what would one need
    >for developing such a safe&secure sandbox server?
    >Can this be realized in C/C++


    The standard C library does not provide any network or security
    services. What you are asking for cannot be done in portable C.
    Possibly it could be done by using C plus some operating system
    specific extensions; you would have to inquire about those extensions
    in a newsgroup that deals with that specific operating system.

    >or does one need also assembler programming,
    >if yes then how much % of the code would be needed to be done in assembler?


    We have no way of knowing here. It would depend upon what
    system services the operating system and hardware together could
    provide. There is no general reason why it would be impossible for
    an operating system / hardware combination to provide all necessary
    services and give a C-compatible interface to them, but whether or not
    a particular system does so is not for us to say. You need to check
    newsgroups or resources that are more specific.

    The people in comp.security.misc might perhaps have some thoughts
    on the overall sandbox scheme.
    --
    This is a Usenet signature block. Please do not quote it when replying
    to one of my postings.
    http://en.wikipedia.org/wiki/Signature_block
    Walter Roberson, Jul 5, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ahmed Moustafa

    What is a sandbox?

    Ahmed Moustafa, Aug 23, 2003, in forum: Java
    Replies:
    1
    Views:
    393
    Roedy Green
    Aug 23, 2003
  2. Tim Tyler

    Application in sandbox

    Tim Tyler, Nov 27, 2004, in forum: Java
    Replies:
    24
    Views:
    910
    Intel Inside
    Dec 4, 2004
  3. Replies:
    4
    Views:
    451
    Roedy Green
    Sep 27, 2005
  4. Thomas G. Marshall
    Replies:
    6
    Views:
    428
    Thomas Hawtin
    Oct 20, 2005
  5. Adem24

    Sandbox server

    Adem24, Jul 5, 2008, in forum: C Programming
    Replies:
    1
    Views:
    357
    Walter Roberson
    Jul 5, 2008
Loading...

Share This Page