...limit potential damage that can happen if a vulnerability is exploited.
Security aspects are a much more likely reason for using sandboxing than carriers complaining is. Plus, sandbox is already available from C -- see: `man 7 sandbox`.
Anyway, I imagine tptacek (or anyone who knows more about security than I do) can explain this better than I can, but, I'll give it a shot: In limiting your process, you're preventing an unknown state from happening within your process. It's another level of control that you can use to ensure that your program will only do what you programmed it to do and that it can't do anything else.
One part of how this sandboxing works is that any process spawned will also be contained within the sandbox. So, say there is a vulnerability -- in your code, in a gem you use, whatever -- the point is, there is a vulnerability. Maybe it will give an evil nasty person remote access to your system, or perhaps a local user can use it to gain privileges that they shouldn't have. Or something else that I'm not thinking of.
Anyway, as a result of a vulnerability, the user now has access to your system. Or maybe they have more access than they should. You can use Sandbox to forcibly limit how much access a process and child processes can have. You can make it so that a process can't write to any directory except the temporary directory that it uses and block access to the internet. Make it harder for the evil nasty person to break, steal or otherwise continue doing things that they shouldn't be doing.
// edit: to summarize: No matter how safe your Ruby code happens to be, if you use an unsafe C extension, you're screwed if you're not using sandbox(7).
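The C-level call the comment points to, as an added illustration (not code from the commenter, the gem, or Apple): a process enters the "no write except temporary" named profile through sandbox_init(3) and then probes whether creating a file outside the temp directory is refused. It assumes macOS (sandbox.h from libSystem); on other platforms the sandbox call is compiled out and the probe simply reports what an unsandboxed process can do. The file names under $HOME and $TMPDIR are constructed for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sandbox.h>   /* sandbox_init(3) and the kSBXProfile* names; deprecated but still shipped */
#endif
/* Enter the "no write except temporary" named profile; this process and any child it
 * spawns stay under it. 0 = applied, -1 = sandbox_init refused, 1 = no sandbox(7) here. */
int enter_no_write_except_tmp(void)
{
#ifdef __APPLE__
    char *err = NULL;
    if (sandbox_init(kSBXProfileNoWriteExceptTemporary, SANDBOX_NAMED, &err) != 0) {
        fprintf(stderr, "sandbox_init: %s\n", err ? err : "unknown error");
        sandbox_free_error(err);
        return -1;
    }
    return 0;
#else
    return 1;   /* non-macOS build: nothing to apply */
#endif
}

/* Probe a path by trying to create a file there: 1 = refused by policy
 * (EPERM/EACCES), 0 = allowed (file removed again), -1 = other error (e.g. ENOENT). */
int write_is_denied(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return (errno == EPERM || errno == EACCES) ? 1 : -1;
    fclose(f);
    unlink(path);
    return 0;
}

int main(void)
{
    /* Constructed probe targets: one under $HOME (refused once sandboxed),
     * one under $TMPDIR (still allowed by this profile). */
    const char *dirs[2] = { getenv("HOME"), getenv("TMPDIR") };
    char probe[2][4096];
    int rc = enter_no_write_except_tmp();
    printf("sandbox: %s\n", rc == 0 ? "applied" : rc == 1 ? "unsupported here" : "failed");
    for (int i = 0; i < 2; i++) {
        snprintf(probe[i], sizeof probe[i], "%s/sandbox_probe.txt", dirs[i] ? dirs[i] : "/tmp");
        printf("create %s: %s\n", probe[i], write_is_denied(probe[i]) == 1 ? "denied" : "allowed");
    }
    return 0;
}
```

Run it once before and once after a gem's C extension is loaded: if the second run no longer reports "denied" for the $HOME probe, something in that extension escaped or never inherited the profile.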