Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP
Miami Beach, Florida, USA
December 10-December 14
ISBN: 0-7695-3060-5
Jails, sandboxes and other isolation mechanisms limit the damage from untrusted programs by reducing a process's privileges to the minimum. Sandboxing is designed to thwart such threats as (1) a program created by an attacker or (2) an input crafted to exploit a security vulnerability in a program. Examples of the latter include input containing interpreted code or machine language to be injected via a buffer overflow.

Traditionally, sandboxes are created by an invoking process. This is effective for (1) but only partially so for (2). For example, when a file is downloaded by a browser or processed as a mail attachment, the invoking process can sandbox it. However, sandboxing protections can be circumvented when the file is copied outside the sandbox. The problem is that traditional sandboxes do not provide complete mediation.

We introduce dynamic sandboxes, and show how even when data is saved and/or copied, sandboxing protections are not lost. In addition, and in contrast to traditional sandbox implementations, dynamic sandboxes are implemented using general-purpose access controls. Not only does this provide a more flexible sandbox mechanism, and enable complete mediation, but these same primitives can be used to build other (non-sandbox) authorization policies.
Citation:
Manigandan Radhakrishnan, Jon A. Solworth, "Quarantining Untrusted Entities: Dynamic Sandboxing Using LEAP," acsac, pp.211-220, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), 2007