Sandboxing on Windows

This is a little off the beaten path for me, but I was interested in this post by a Googler about sandboxing on Windows:

Sandboxing is a technique that Google Chrome employs to help make the browser more secure, and was discussed in a previous blog post. On Windows, getting a process sandboxed in a way that’s useful to us is a pretty complicated affair. The relevant source code consists of over 100 files and is located under the sandbox/ directory in Chromium’s Open Source repository. But for our Mac and Linux ports, sandboxing is a very different story. On Linux there are a number of different sandboxing mechanisms available. Different Linux distributions ship with different (or no) sandboxing APIs, and finding a mechanism that is guaranteed to work on end users’ machines is a challenge. Fortunately, on Mac OS X, the OS APIs for sandboxing a process are easy to use and straightforward.

I don’t know if they looked at Sandboxie at all, but it seems to be something they could have used.


