Program In Shell

I will sketch the scenario I would like to get working below.

I have one main application.
That application, based on user interactions, can load other applications in a secure shell. This means these child applications cannot interact with the OS anymore, nor with each other.

The parent program can at any time call functions of these child programs.

The child program can at any time call functions of these parent programs.

Does anyone know how to implement this in C++? Preferably both parent and child should be written in C++.

The performance of loading the child applications doesn't matter. The only thing that matters is the performance of the communication between child and parent.

This concept is sometimes known as a sandbox, one example of such a sandbox is a virtual machine, another is the sandbox used by Google Chrome/Chromium.

In your case what i would do is make the host application a proxy between the operating system and the client application (this is pretty much what all sandboxes do at some level). What i mean by this is it seems like you want some of the basic OS services available to the client application (input/output), thus the host application defines an interface for these services that the client application may call. Then you can simply omit the functionality that you don't wish for the client applications to have access to.

I'm not sure how to implement this, but what i do know is that if you want the security aspect of this to be bulletproof, you're gonna be spending a _lot_ of time on this project.

Quote:

---

Originally Posted by Neo1

This concept is sometimes known as a sandbox, one example of such a sandbox is a virtual machine, another is the sandbox used by Google Chrome/Chromium.

In your case what i would do is make the host application a proxy between the operating system and the client application (this is pretty much what all sandboxes do at some level). What i mean by this is it seems like you want some of the basic OS services available to the client application (input/output), thus the host application defines an interface for these services that the client application may call. Then you can simply omit the functionality that you don't wish for the client applications to have access to.

I'm not sure how to implement this, but what i do know is that if you want the security aspect of this to be bulletproof, you're gonna be spending a _lot_ of time on this project.

---

Indeed a sandbox is what I'm aiming for. What I am doing at the moment is create a scripting parser, which parses as custom script and outputs it as C++. Then that C++ code will be compiled as a dynamic library and finally linked to the main project.

is there a good reason why you need to convert a script to C++ and compile it? is there any reason why you can't use boost:: python or something and call code in the scripts directly? it seems like it could be a bit safer from a security perspective.

I need to have full control over the script. Every interaction it wants to with the OS (e.g. reading files) do has to go trough the parent program which will then decide if it can do that or not.