Google makes project to sandbox C/C++ libraries on Linux open-source

Google makes project to sandbox C/C++ libraries on Linux open-source

Google has today created an open-source project for sandboxing C and C++ libraries running on Linux systems. This project is called Sandboxed API and is a tool that Google has used internally in its datacenters for many years.

The Sandboxed API is now available on GitHub. It also contains all the documentation necessary for programmers to place their C and C++ libraries in the sandbox and protect them from malware. When an app or code is placed in a sandbox, it means that it runs separately from other processes. The idea is to prevent bugs in this way and to ensure that exploits cannot be exploited too widely. The sandbox prevents leaks to other parts of the control system.

Automatic porting

The Sandboxed API is a library that helps coders automate the porting of their existing C and C++ code so that it runs in Sandbox2. This is the sandbox environment for Linux systems created by Google itself. Sandbox2 is now open-source and comes with the Sandboxed API on GitHub.

This is not the first time that these sandbox tools have been made open-source. Developers have several other tools at their disposal with which they can place their code in a sandbox. However, this specific software has the advantage that it was built by the software giant Google.

Isolate software

According to Christian Blichmann and Robert Swiecki, who work within the Google ISE Sandboxing team, similar popular tools do not isolate the software properly from the rest of the operating system. It takes a lot of time to define the safety settings for each project that has to be placed in the sandbox, according to Blichmann and Swiecki. So that’s what Google’s Sandbox software is changing.

In the future, Google also wants to add programming languages other than C and C++ to the Sandboxed API. It also wants to bring Sandboxing2 to other Unix-like operating systems like BSD and macOS. A Windows port is a larger enterprise and requires some more work, tell Blichmann and Swiecki.

This news article was automatically translated from Dutch to give a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.