What is a sandbox?

``Sandbox'' is a security term for a confinement boundary: a limit on what a piece of running code can see and modify. Unix implements two core sandboxes. One is at the process level, and one is at the userid level.

Every Unix process runs in its own virtual address space, so one process cannot read or modify the memory of another unless that access is explicitly arranged: either both processes deliberately set up a shared mapping, or one uses a debugging interface such as ptrace, which the kernel permits only between processes owned by the same user (and which many Linux systems restrict further). The old single-address-space Windows 3.x/9x line lacked this isolation, so a buggy process there could overwrite another's memory and crash it; Windows NT and its descendants give each process its own address space just as Unix does.
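The following program is an added illustration of the process-level sandbox described above; it is not code from the original page. It forks a child that writes to a global variable and shows the parent's copy is untouched, because the two processes have separate (copy-on-write) address spaces. For contrast it then repeats the experiment with memory the parent deliberately shares via an anonymous MAP_SHARED mapping, which is the one way a child's write can reach the parent. The function names and the counter values are chosen here for the demonstration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Private global: after fork() the child gets its own copy-on-write copy,
 * so any write the child makes never reaches the parent's address space. */
static int private_counter = 1;

/* Run body(arg) in a forked child and wait for it. Returns 0 on success. */
static int run_in_child(void (*body)(void *), void *arg)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        body(arg);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Child bodies: one writes the private global, one writes shared memory. */
static void bump_private(void *unused)
{
    (void)unused;
    private_counter += 1000;
}

static void bump_shared(void *p)
{
    *(volatile int *)p += 1000;
}

/* Parent's view of private_counter after the child bumped its own copy.
 * Returns 1: the child's write stayed inside the child's address space. */
int private_after_child_write(void)
{
    private_counter = 1;
    if (run_in_child(bump_private, NULL) != 0)
        return -1;
    return private_counter;
}

/* Parent's view of an explicitly shared mapping after the child bumped it.
 * Returns 1001: sharing was requested on purpose with MAP_SHARED, so the
 * isolation is bypassed only where the parent chose to bypass it. */
int shared_after_child_write(void)
{
    int *shared = mmap(NULL, sizeof *shared, PROT_READ | PROT_WRITE,
                       MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (shared == MAP_FAILED)
        return -1;
    *shared = 1;
    int rc = run_in_child(bump_shared, shared);
    int result = (rc == 0) ? *shared : -1;
    munmap(shared, sizeof *shared);
    return result;
}

int main(void)
{
    printf("private counter seen by parent: %d\n", private_after_child_write());
    printf("shared mapping seen by parent:  %d\n", shared_after_child_write());
    return 0;
}
```

The point a practitioner should take from this is that the default is isolation and sharing is opt-in: memory crosses a process boundary only through a mapping, a pipe, a socket or a debugger interface that the process (or a suitably privileged one) set up on purpose.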

Every Unix process runs as a particular userid. Unless that userid is root, the kernel refuses to let the process signal, debug or otherwise interfere with processes owned by other users, and the same userid (together with group membership and the permission bits on each file) decides which on-disk data the process may read or write. Root bypasses both checks, which is why a sandbox built only on userids offers nothing against code that is already running as root.

