Google yakavhura sisitimu yekugadzira sandbox mamiriro eC / C ++

Google

Mamwe mazuva apfuura Google yakazivisa kuvhurwa kweiyo Sandboxed API chirongwaque Inokutendera kuti ushandise iyo sandbox yekugadzira maitiro ekuita kwakasarudzika kwemaraibhurari ekumanikidza muC neC ++.

Kubvisa kodhi yako kubva kumaraibhurari inobvumidza kudzivirira kubva pakurwiswa kunogona kuitika pazvibato zvinopihwa nemaraibhurari, kugadzira chakawedzera chipingamupinyi kana paine kushomeka mune kodhi yako iyo inogona kushandiswa kuburikidza nekunyepedzera nedata rekunze rinopinda muraibhurari. Iyo kodhi yakavhurwa pasi peiyo Apache 2.0 rezinesi.

Kuzviparadzanisakana zvinoitwa uchishandisa mukati meSandbox2 nguva yekumhanya, umo mazita ezvinzvimbo, mapoka, uye seccomp-bpf anoshandiswa.

Iyo kodhi inounzwa kubhokisi rejecha iro rinomhanya mune yakasarudzika maitiro, ayo kuwana kune system kufona uye zviwanikwa, pamwe nemafaira uye netiweki yekubatana, ishoma.

Maitiro anowana mukana chete kune ehurongwa kugona ayo anonyatsodikanwa kuti aite yakasarudzika kodhi.

Sandbox2 inotsanangura izvo zvikamu kumhanyisa maitirokana, shandisa mitemo yekuzviparadzanisa uye tsigira kuuraya kunotevera.

sandbox2 inogona kushandiswa zvakasiyana neSandbox API kupatsanura kwete maraibhurari chete, asiwo maitiro ekupokana.

Pamusoro pekuwedzera kwekudzivirira, poindi yakanaka mukubvisa kodhi munzira dzakasiyana ndeye mukana weimwe mirau yekuganhurwa pamashandisirwo ekurangarira muraibhurari neCPU, pamwe nekudzivirirwa pakundikana. raibhurari haina kukonzeresa kuti application yese ipunzike.

Nezve Sandboxed API

Sandboxed API ndeye Sandbox2 plugin izvo zvinorerutsa kutakurwa kwemaraibhurari aripo kuti amhanye mune yakasarudzika nzira.

Purogiramu inonzi Sandboxed inopa iyo yepakati software interface iyo inokutendera iwe kumhanyisa iyo raibhurari kodhi mune sandbox nharaundapamwe nekuronga kufona kune raibhurari mune sandbox nharaunda uye nekuona kuunzwa kwemaraibhurari mhedzisiro kuchirongwa chikuru.

Se inowana raibhurari iri kwayo yega kuburikidza nehunyanzvi RPC inoenderana neProtoBuffs protocol.

A vagadziri vemaraibhurari vanopihwa seti yesarudzo iyo inobvumidza kupinda kune akasiyana, faira zvinotsanangudza, mabhafa uye mabasa emaraibhurari akasarudzika kubva pachigadziko application, zvinosanganisira zvishandiso zve otomatiki uye zvinodzorwa ndangariro kuwiriranisa kwekugovana arrays uye zvimiro.

sapi-pfupiso

Kana raibhurari yesoftware inoongorora dhata yakadai yakaoma kunzwisisa, inogona kuwira kune mamwe marudzi ekuchengetedzeka kwekuchengetedza: ndangariro huori zvikanganiso kana mamwe marudzi ematambudziko ane chekuita nepfungwa dzekuongorora (semuenzaniso, nzira dzinofamba munzira). Izvo zvinokuvadza zvinogona kuve nechengetedzo zvakakomba.

Uyewo, API inopihwa kuti iongorore mashandiro eakasarudzika maitiro uye kuatangazve iwo kana zvikakundikana.

Kune raibhurari iri yega, zvirevo zvekodhi yemabasa ari ega anogadzirwa otomatiki eBazel gungano system uye chirongwa chechirongwa (SAPI) chekudyidzana pakati pezvakakosha uye zvakasarudzika maitiro.

Iyo yekuvandudza inofanirwa zvakare kugadzira yemusoro faira ine yekuzviparadzanisa mitemo iyo inotsanangura ese anotenderwa system mafoni uye mashandiro (verenga, nyora, vhura mafaera, kuwana nguva, kugona kuisa vanobata masaini, tsigiro yekugovera ndangariro kuburikidza nemalloc, nezvimwewo.

Iwo mafaera uye madhairekitori ayo raibhurari inofanirwa kuve nekuwana maanotemerwa zvakasiyana.

Kuiswa

Parizvino, chirongwa ichi chinowanikwa chete kuLinux, asi mune ramangwana vanovimbisa kuwedzera rutsigiro rweMacOS neBSD masystem, uye munguva yakareba, uye neWindows. Ehe iwe unoda kuisa sandboxed api iwe unogona kuteedzera yakapihwa rairo mune iyi link.

Zvezvirongwa, zvinoonekwa zvakare iko kugona kupatsanura maraibhurari mumitauro isiri C uye C ++, yekuwedzera nguva yekumhanya yekuzvipatsanura (semuenzaniso zvinoenderana nehurongwa hwehardware) uye kugona kushandisa CMake uye mamwe masisitimu egungano (rutsigiro parunogumira kuBazel kuvaka system).

mabviro: https://security.googleblog.com


Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako