For application developers, sandboxing is a technique for creating a confined execution environment for running untrusted programs. In the context of Adobe Reader, the “untrusted program” is any PDF and the processes it invokes. When Reader sandboxing is enabled, Reader assumes all PDFs are potentially malicious and confines any processing they invoke to the sandbox.

Sandboxes are typically used when data (such as documents or executable code) arrives from an untrusted source. A sandbox limits, or reduces, the level of access its applications have. For example, creating and executing files and modifying system information such as certain registry settings and other control panel functions may be prohibited. If a process P runs a child process Q in a sandbox, then Q’s privileges would typically be restricted to a subset of P’s. For example, if P is running on a system, then P may be able to look at all processes on the system. Q, however, will only be able to look at processes that are in the same sandbox as Q. Barring any vulnerabilities in the sandbox mechanism itself, the scope of potential damage caused by a misbehaving Q is reduced.

The Reader sandbox leverages the operating system’s security controls, and processes execute under a “principle of least privileges.” Thus, processes that could be subject to an attacker’s control run with limited capabilities and must perform actions such as reading and writing through a separate, trusted process. All PDF processing, such as PDF and image parsing, JavaScript execution, and 3D rendering, happens in the sandbox and is subject to its limits; for example, processes cannot access other processes. Processes that need to perform some action outside the sandbox boundary must do so through a trusted proxy called a “broker process.”
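A minimal model of the broker pattern described above, as an added example (it is not Adobe's code and not from the original page): the sandboxed side can only submit requests, and a trusted `Broker` checks each one against a deny-by-default policy before performing the I/O itself. The class name, the request format and the policy layout are assumptions made for illustration, and the files are constructed in a temporary directory.

```python
import os
import tempfile

class Broker:
    """Trusted side. Policy maps operation -> allowed directories; all else is denied."""
    def __init__(self, policy):
        self.policy = {op: [os.path.realpath(d) for d in dirs]
                       for op, dirs in policy.items()}

    def _resolve(self, op, path):
        # Resolve symlinks and ".." first so the check sees the real target.
        real = os.path.realpath(path)
        dirs = self.policy.get(op, [])
        return real if any(os.path.commonpath([real, d]) == d for d in dirs) else None

    def handle(self, request):
        op = request.get("op")
        real = self._resolve(op, request.get("path", ""))
        if real is None:
            return {"ok": False, "error": "denied by policy"}
        if op == "read":
            with open(real, "rb") as f:
                return {"ok": True, "data": f.read()}
        if op == "write":
            with open(real, "wb") as f:
                f.write(request.get("data", b""))
            return {"ok": True}
        return {"ok": False, "error": "unsupported operation"}

def demo():
    root = tempfile.mkdtemp()  # constructed layout: docs/, scratch/, secret outside both
    docs, scratch = os.path.join(root, "docs"), os.path.join(root, "scratch")
    os.mkdir(docs)
    os.mkdir(scratch)
    pdf, secret = os.path.join(docs, "a.pdf"), os.path.join(root, "secret.txt")
    for path, body in ((pdf, b"%PDF-"), (secret, b"key")):
        with open(path, "wb") as f:
            f.write(body)
    os.symlink(secret, os.path.join(docs, "link"))  # symlink that leaves docs
    broker = Broker({"read": [docs, scratch], "write": [scratch]})
    requests = [
        {"op": "read", "path": pdf},                                     # allowed
        {"op": "read", "path": os.path.join(docs, "..", "secret.txt")},  # ".." escape
        {"op": "read", "path": os.path.join(docs, "link")},              # symlink escape
        {"op": "write", "path": pdf, "data": b"x"},                      # read-only dir
        {"op": "write", "path": os.path.join(scratch, "out.tmp"), "data": b"x"},
        {"op": "exec", "path": pdf},                                     # not in policy
    ]
    return [broker.handle(r)["ok"] for r in requests]
```

The check and the open still happen at different moments, so a production broker would also need to close the window between resolving a path and using it.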