[Exherbo-dev] Sydbox, a sandbox which will (hopefully) suck less
polatel at gmail.com
Mon Feb 16 01:32:31 GMT 2009
Sydbox¹ is a ptrace-based sandbox implementation which is based in part
upon catbox² and strace³. Being ptrace based, it doesn't suffer from the
well-known security issues that LD_PRELOAD-based sandbox implementations
suffer from. It tries hard to avoid symlink and other kinds of races to
be on the secure side. It has basic support for disallowing network
connections. Currently it only supports the x86 and x86_64 architectures,
but adding support for new architectures should be trivial.
Currently it intercepts 15 system calls. The other essential system
calls that have to be intercepted are the at-suffixed functions (openat,
mkdirat, mknodat etc.) and I'll add them soon. Look at the system call
dispatch table in src/syscall.c⁴ for more information.
Configuration is handled using confuse⁵; it's pretty straightforward and
easy to understand. Look at the example configuration file⁶ for more
Usage and transition will be simple in my humble opinion. Repositories
will have a default sydbox.conf file in metadata/. There will be
per-category and per-package based sydbox.conf files which will replace
addpredict and addwrite calls. These files should include() the
repository default configuration file which can be done easily if the
package manager sets an environment variable that points to the root of
the repository. Confuse can handle environment variables.
The package manager is supposed to call the exheres using sydbox like:
sydbox -p PHASE -- command-to-execute-phase.
Last but not least, confessions: I'm neither a C expert nor a security
expert, so the code is full of bugs, but hey, it's a start, right? Yesterday
I started adding test cases and hunting them down :)
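An added illustration, not sydbox's code and not part of the original post: a minimal ptrace-based sandbox for x86_64 Linux in the style the post describes. It forks a traced child, stops at every syscall entry and exit, reads the path argument of open(2)/openat(2) out of the tracee's memory, canonicalises it, and turns a disallowed write into -EPERM by pointing the syscall number at an invalid call so the kernel executes nothing. The writable root /tmp/sydbox-demo and every function and identifier below are this example's own. Deliberate simplifications: only open and openat are checked (none of the other at-suffixed calls the post mentions, nor mkdir, unlink or rename), forked children of the tracee are not followed, and relative paths are resolved against the tracer's cwd, which only matches the tracee's until the tracee calls chdir. The policy and path-resolution routines are pure functions so they can be exercised without ptrace.

```c
/* Added example, not sydbox's code: a minimal ptrace sandbox for x86_64 Linux. It reads
 * open(2)/openat(2) paths out of the tracee, canonicalises them, and denies writes outside
 * ALLOWED_WRITE_ROOT by setting the syscall number to -1 at entry and -EPERM at exit. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALLOWED_WRITE_ROOT "/tmp/sydbox-demo"          /* hypothetical writable tree */
/* Policy: reads always pass; writes and creates must target the root or lie beneath it.
 * The separator check stops "/tmp/sydbox-demo-evil" from matching as a mere prefix. */
int decide_open(const char *canon, long flags)
{
    size_t n = strlen(ALLOWED_WRITE_ROOT);
    int writes = (flags & O_ACCMODE) != O_RDONLY || (flags & (O_CREAT | O_TRUNC));
    int inside = strncmp(canon, ALLOWED_WRITE_ROOT, n) == 0 && (canon[n] == '\0' || canon[n] == '/');
    return !writes || inside;
}

/* Canonicalise with realpath(); if the last component does not exist yet (O_CREAT), resolve
 * the parent and re-append it. out holds PATH_MAX bytes; -1 means unresolvable (fail closed). */
int resolve_path(const char *path, char *out)
{
    char tmp[PATH_MAX], parent[PATH_MAX], *slash;
    if (realpath(path, out)) return 0;
    if (errno != ENOENT) return -1;
    snprintf(tmp, sizeof tmp, "%s", path);
    slash = strrchr(tmp, '/');
    const char *base = slash ? slash + 1 : tmp, *dir = slash ? (slash == tmp ? "/" : tmp) : ".";
    if (slash) *slash = '\0';
    if (!realpath(dir, parent)) return -1;
    snprintf(out, PATH_MAX, "%s%s%s", parent, strcmp(parent, "/") ? "/" : "", base);
    return 0;
}

#if defined(__linux__) && defined(__x86_64__)
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
/* Copy a NUL-terminated string out of the tracee, one machine word at a time. */
static int read_string(pid_t pid, unsigned long addr, char *buf, size_t len)
{
    for (size_t i = 0; i + sizeof(long) <= len; i += sizeof(long)) {
        errno = 0;
        long w = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + i), NULL);
        if (w == -1 && errno) return -1;
        memcpy(buf + i, &w, sizeof w);
        if (memchr(&w, '\0', sizeof w)) return 0;
    }
    return -1;                                         /* longer than the buffer */
}
int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s command [args...]\n", argv[0]); return 2; }
    pid_t pid = fork();
    if (pid == 0) {                                    /* tracee: opt in, then exec */
        ptrace(PTRACE_TRACEME, 0, NULL, NULL); raise(SIGSTOP);
        execvp(argv[1], argv + 1); _exit(127);
    }
    int status, in_syscall = 0, denied = 0, sig = 0;
    struct user_regs_struct regs;
    waitpid(pid, &status, 0);                          /* the SIGSTOP raised above */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    while (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) == 0 && waitpid(pid, &status, 0) > 0) {
        if (!WIFSTOPPED(status)) break;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) {    /* a signal, not a syscall stop */
            sig = WSTOPSIG(status) == SIGTRAP ? 0 : WSTOPSIG(status);    /* deliver it */
            continue;
        }
        sig = 0;
        ptrace(PTRACE_GETREGS, pid, NULL, &regs);
        if (in_syscall) {                              /* syscall exit: patch the result */
            if (denied) { regs.rax = (unsigned long long)-EPERM; ptrace(PTRACE_SETREGS, pid, NULL, &regs); }
            in_syscall = denied = 0;
            continue;
        }
        in_syscall = 1;                                /* syscall entry: inspect arguments */
        unsigned long long nr = regs.orig_rax, addr = 0; long flags = 0;
        if (nr == SYS_open) { addr = regs.rdi; flags = (long)regs.rsi; }
        else if (nr == SYS_openat) { addr = regs.rsi; flags = (long)regs.rdx; }
        else continue;
        char path[PATH_MAX], canon[PATH_MAX];
        if (read_string(pid, addr, path, sizeof path) < 0) continue;
        if (!decide_open(resolve_path(path, canon) == 0 ? canon : "", flags)) {
            fprintf(stderr, "sydbox-demo: denied write to %s\n", path);
            regs.orig_rax = (unsigned long long)-1;    /* invalid syscall: kernel skips it */
            ptrace(PTRACE_SETREGS, pid, NULL, &regs);
            denied = 1;
        }
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128;
}
#endif
```

Build with gcc and try something like `mkdir -p /tmp/sydbox-demo && ./sydbox-demo sh -c 'echo a > /tmp/sydbox-demo/ok; echo b > /tmp/evil'`: the first redirection succeeds, the second fails with "Permission denied" (the shell opens both files itself, so both opens are seen by the tracer). Note the race the post alludes to: the tracer canonicalises the path and then lets the kernel resolve the original string a second time, so a component swapped for a symlink in between is not caught. One standard mitigation, not shown here, is to rewrite the path argument in the tracee's memory to the canonical form before releasing the call, so the kernel operates on exactly the string that was checked.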