In some languages (Java, C# without unsafe code, ...) it is (or should be) impossible to corrupt memory - there is no manual memory management, etc. This allows them to limit resources (file access, network access, maximum memory usage, ...) for applications quite simply - for example, Java applets (Java Web Start). This is sometimes called a sandbox.
My question is: is this possible with my own programs (for example, written in an unsafe language such as C or C++, but without source code)? I do not mean a simple workaround or antivirus software.
I think of two possibilities:
- run the application as a different OS user and set restrictions for this user. Disadvantage - many users, one for each combination of parameters / access rights?
- (somehow) restrict which (OS API) functions can be called. I don't know if any feature (at least theoretically) allows complete protection, with no possibility of circumvention.
Edit: I'm more interested in the theory - I don't care that, for example, some OSes have some undocumented functions, or how to isolate any application on that OS. For example, I want to put the application in a sandbox and allow only two functions: get a char from the console, put a char to the console. How can this be done so strictly that there is no way around it?
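One concrete form of the second option on Linux, as an added example that is not part of the original question or its answers: a seccomp-BPF filter that allows exactly the system calls behind "get a char" and "put a char" (read, write) plus exit_group, and kills the process on anything else. The function names, the x86_64-only architecture check and the choice of seccomp as the mechanism are my assumptions, not something the page states.

```c
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* The whole "API" the sandboxed program may use: read stdin, write stdout, exit. */
static const unsigned allowed[] = { SYS_read, SYS_write, SYS_exit_group };
#define N_ALLOWED (sizeof allowed / sizeof allowed[0])
#define PROG_LEN (4 + 2 * N_ALLOWED + 1)  /* arch check + load nr + 2 per syscall + default kill */

/* Builds the allow-list BPF program once and returns it. */
const struct sock_fprog *sandbox_program(void) {
    static struct sock_filter code[PROG_LEN];
    static struct sock_fprog prog = { .len = PROG_LEN, .filter = code };
    size_t n = 0;
    /* Kill unless the syscall ABI is the one we compiled for (blocks 32-bit/x32 compat tricks). */
    code[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    code[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0);
    code[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    code[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < N_ALLOWED; i++) {  /* nr == allowed[i] ? allow : try the next entry */
        code[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, allowed[i], 0, 1);
        code[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    code[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);  /* default: kill */
    return &prog;
}

/* Installs the filter; 0 on success. It cannot be removed and is inherited by children. */
int install_sandbox(void) {
    /* NO_NEW_PRIVS lets an unprivileged process install a filter and stops setuid execs from escaping it. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, sandbox_program());
}

int main(void) {
    if (install_sandbox() != 0) return 1;
    char c;  /* raw read/write only: stdio's first use would call fstat, which is not on the list */
    while (read(0, &c, 1) == 1 && write(1, &c, 1) == 1) ;
    return 0;  /* exit_group */
}
```

The filter is enforced by the kernel at the syscall boundary, so it holds regardless of what the binary's machine code does; the trade-off is that it is per-process and per-architecture, and a real sandbox still has to decide what to do about the file descriptors and memory the process already holds.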
Answers:
- Google x86 - (?) PNaCl -
Edit2: Google -