6 projects tagged "sandbox"
Updated 13 Aug 2012
sydbox
| Pop | 129.10 |
|---|---|
| Vit | 6.87 |
sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.
Updated 31 Dec 2011
pito
| Pop | 47.21 |
|---|---|
| Vit | 1.00 |
Pito is a set of C++0x header libraries to facilitate writing system call interceptor libraries based on LD_PRELOAD wrappers. The program "pito" is also provided for loading Unix commands with such wrappers. This system is capable of passing command line arguments to loaded plugins for easy configuration. Pito is supplied with a powerful system call sandbox library to prevent modifications to supplied filesystem locations and a system call logging library.
Updated 29 Nov 2010
uevalrun
| Pop | 44.72 |
|---|---|
| Vit | 1.00 |
uevalrun is a self-contained computation sandbox for Linux, using User-mode Linux for both compilation and execution of the program to be sandboxed. The program can be written in C, C++, Python, Ruby, Perl, or PHP. uevanrun enforces memory limits, timeouts, and output size limits in the sandbox. The primary use case for uevalrun is evaluation of solution programs submitted by contestants of programming contests: uevalrun compiles the solution, runs it with the test input, compares its output against the expected output, and writes a status report.
Updated 10 May 2013
Multi-Sandbox Lua Engine
| Pop | 42.83 |
|---|---|
| Vit | 1.00 |
Multi-Sandbox Lua Engine (MSLE) is a modified Lua interpreter which supports creation and maintenance of multiple "100% tight" sandboxes from within Lua. "100% tight" means that the amount of memory used by a sandbox (counting both code and data) is strictly limited, a feature Lua did not offer before.
Updated 14 Mar 2013
Sicuro
| Pop | 34.09 |
|---|---|
| Vit | 8.47 |
Sicuro is a whitelist-based sandbox for safely executing code written in the Ruby programming language. It does not use any operating system-specific features (such as chroots or jails), nor does it require anything besides a working Ruby (1.9+) installation and a few gems.
Updated 12 Dec 2009
FBAC-LSM
| Pop | 19.70 |
|---|---|
| Vit | 1.00 |
FBAC-LSM is a security mechanism for Linux which retricts applications based on the features they provide, such as "Web Browser" or "Image Editor". By restricting the actions of applications, the damage which can be caused by malware or software vulnerabilities can be significantly reduced. Reusable policy abstractions, known as functionalities, can be used to grant the authority to perform high level features (for example using the Web_Browser functionality) or lower level features (such as using the HTTP_Client functionality) or to grant privileges to access any specified resources. Functionalities are parameterized, which allows them to be adapted to the needs of specific applications. Functionalities are also hierarchical; that is, functionalities can contain other functionalities.
