A sandbox is a protection framework in computer security for separating running programs, typically in an attempt to prevent system failures or spreading software vulnerabilities. It is also used to execute untested or untrusted programs or code, probably from unverified or untrusted third parties, vendors, users or websites, without causing harm to the host machine or operating system.

Privilege separation, or sandboxing is extensively being used in applications to protect them from malicious data. But only weak primitive methods like chroot and setuid are used. Capsicum uses fine-grained capabilities and a sandboxed capability mode, allowing application compartmentalization and enforcing the principle of least privilege. It helps us eliminate the ambient authority problem.

These sandboxing techniques also have a weakness. Sometimes an unprivileged application requires access to a namespace, here Casper comes to our rescue. It is a privileged process that provides our application with the resources it needs before entering the capability mode so that the application can utilize them inside the sandbox.



Shubh Gupta


  • Mariusz Zaborski
  • Mark Johnston