
Worth Reading: Escape from Adobe's sandbox

  • Post author: Omid Farhang
  • Post published: June 25, 2012
  • Reading Time: 1 min
  • Word Count: 212 words

Adobe Reader X runs in a sandbox at a very restricted privilege level. Important system calls are supposed to be handled by a special broker process that will subject them to extensive testing. However, a small design flaw allows attackers to escape from this sandbox and execute arbitrary code, despite having both ASLR (Address Space Layout Randomisation) and DEP (Data Execution Prevention). As described by Guillaume Delugré, the broker process is at the heart of the exploit as it uses a memory page allocated via VirtualAllocEx to store the overwritten code of system calls which have been redirected to the broker. Despite having ASLR, however, the memory address returned by VirtualAllocEx is not randomised. This means that the Windows system function call will end up in a predictable, "nearly constant" location which the exploit can then access directly. ...


New automated sandbox for Android malware

  • Post author: Omid Farhang
  • Post published: March 4, 2012
  • Reading Time: 1 min
  • Word Count: 110 words

ISC Diary: One of the things that I've been working on lately is building an automated malware analysis environment to handle Android malware similar to the one I built for Windows malware. I'm not quite there yet, but I was quite pleased to hear about the new service being offered by the folks at Die Universität Erlangen-Nürnberg. This is still a research project, so if you choose to use it, be understanding. Don't expect 24×7 uptime and let's try not to DoS them. That said, I'm looking forward to seeing how well it works and how the dynamic analysis will work once it is actually in production. ...


Sandbox

  • Post author: Omid Farhang
  • Post published: January 13, 2009
  • Reading Time: 3 min
  • Word Count: 458 words

In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers and untrusted users. I recommend Sandboxie for daily use. The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and in memory. Network access, the ability to inspect the host system, and reading from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization. ...
