the.com/sandboxing
letting code play in a locked room so it can't set the house on fire.
means running a program in an isolated environment where its access to the real system is deliberately restricted.
from: named after the literal sandbox where kids dig, build, and destroy without wrecking the actual yard; computing borrowed the metaphor in the 1990s for isolating untrusted code.
browser tabs: each one is basically its own sandbox
java applets: popularized sandboxing to stop malicious downloads
escape bugs: breaking out of a sandbox is a prized hacker exploit
containers: docker is sandboxing dressed up for deployment
for instance
chrome renderer process — isolates each tab so a malicious site can't touch your os
ios app sandbox — apps can't read each other's data since iphone os 2
docker containers — isolate processes using linux namespaces and cgroups since 2013
virustotal analysis — detonates suspicious files in a vm to watch what they do