tech-kern archive
Re: Capsicum: practical capabilities for UNIX
On Mon, 25 Oct 2010 20:13:16 -0500, David Young <dyoung%pobox.com@localhost> wrote:
> I've been wondering if the dynamic linker could simulate access to
> the global namespace by supplying alternate system-call stubs. Say
> rtld-elf-cap supplies its own open(2) stub, for example, that searches
> Capsicum's fdlist for a suitable file descriptor on which to call
> openat(2):
>
> #include <errno.h>
> #include <fcntl.h>
> #include <stdarg.h>
> #include <string.h>
> struct fdent { const char *name; int fd; };	/* assumed shape of an fdlist entry */
> extern struct fdent fdlist[];
> extern size_t nfdlist;
> int
> open(const char *path, int flags, ...)
> {
> 	mode_t mode = 0;
> 	va_list ap;
> 	size_t i, n;
> 	if (flags & O_CREAT) {
> 		va_start(ap, flags); mode = (mode_t)va_arg(ap, int); va_end(ap);
> 	}
> 	for (i = 0; i < nfdlist; i++) {
> 		n = strlen(fdlist[i].name);
> 		/* path is-under-directory name? */
> 		if (strncmp(path, fdlist[i].name, n) == 0 && path[n] == '/')
> 			return openat(fdlist[i].fd, path + n + 1, flags, mode);
> 	}
> 	errno = ENOENT;
> 	return -1;
> }
That would only work with dynamic executables. Sandboxing static
executables that way will not work.
Anyway, that's a possibility. I know someone who is working on something
in this area, but it uses seccomp from Linux and a syscall interception
method (the intent is to avoid patching code in the binary) [1].
[1] http://justanothergeek.chdir.org/2010/03/seccomp-as-sandboxing-solution.html
--
Jean-Yves Migeon
jean-yves.migeon%espci.fr@localhost
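Added example, not code from this thread, from Capsicum or from rtld-elf: a user-space sketch of the open(2) emulation David describes, written so it can be compiled and checked on an ordinary system. Names such as captab, cap_open, has_dotdot and cap_open_selfcheck are assumptions; captab stands in for Capsicum's fdlist. It goes beyond the quoted stub in two ways a practitioner would want: it picks the longest matching directory prefix rather than the first, and it refuses relative paths containing a ".." component, because outside capability mode openat(2) will follow ".." straight out of the delegated directory, which would defeat the sandbox.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for Capsicum's fdlist: absolute directory names
 * paired with descriptors opened before the process gave up the global
 * namespace. All names below are assumptions made for this example. */
struct dircap { const char *name; int fd; };
static struct dircap captab[8];
static size_t ncaps;

/* Outside Capsicum capability mode openat(2) follows ".." straight out of
 * the directory, so an emulated open(2) must refuse such relative paths. */
static int
has_dotdot(const char *rel)
{
	const char *p = rel;
	while (*p != '\0') {
		if (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0'))
			return 1;
		while (*p != '\0' && *p != '/')
			p++;
		while (*p == '/')
			p++;
	}
	return 0;
}

/* Emulated open(2): take the longest directory name that is a prefix of
 * path on a component boundary and open the remainder relative to it. */
int
cap_open(const char *path, int flags, mode_t mode)
{
	size_t i, best = 0, bestlen = 0;
	const char *rel;
	for (i = 0; i < ncaps; i++) {
		size_t n = strlen(captab[i].name);
		if (strncmp(path, captab[i].name, n) == 0 &&
		    (path[n] == '/' || path[n] == '\0') && n > bestlen) {
			best = i;
			bestlen = n;
		}
	}
	if (bestlen == 0) {
		errno = ENOENT;		/* no capability covers this path */
		return -1;
	}
	for (rel = path + bestlen; *rel == '/'; rel++)
		;
	if (*rel == '\0')
		rel = ".";
	if (has_dotdot(rel)) {
		errno = EACCES;		/* would escape the delegated directory */
		return -1;
	}
	return openat(captab[best].fd, rel, flags, mode);
}

/* Self-check on a fresh temporary directory (constructed input): a file
 * inside it opens, a path with no covering capability fails with ENOENT,
 * and a ".." escape fails with EACCES. Returns 0 when all three hold. */
int
cap_open_selfcheck(void)
{
	char dir[] = "/tmp/capopenXXXXXX", inside[64], escape[64];
	int dfd, fd, rc = 0;
	if (mkdtemp(dir) == NULL || (dfd = open(dir, O_RDONLY)) < 0)
		return -1;
	captab[0].name = dir;
	captab[0].fd = dfd;
	ncaps = 1;
	snprintf(inside, sizeof inside, "%s/hello", dir);
	snprintf(escape, sizeof escape, "%s/../escaped", dir);
	fd = cap_open(inside, O_WRONLY | O_CREAT, 0600);
	if (fd < 0) rc |= 1; else close(fd);
	if (cap_open("/etc/passwd", O_RDONLY, 0) != -1 || errno != ENOENT) rc |= 2;
	if (cap_open(escape, O_RDONLY, 0) != -1 || errno != EACCES) rc |= 4;
	unlinkat(dfd, "hello", 0);
	close(dfd);
	rmdir(dir);
	ncaps = 0;
	return rc;
}

int
main(void)
{
	int rc = cap_open_selfcheck();
	printf("cap_open self-check %s (rc=%d)\n", rc == 0 ? "passed" : "failed", rc);
	return rc != 0;
}
```

The errno for the ".." case (EACCES) is this example's own choice, not anything the thread or Capsicum specifies. The point of the self-check is the third case: a stub that only does the prefix match and hands "../escaped" to openat(2) opens a file outside the directory on any kernel that lacks Capsicum's strictly-relative lookup, so the emulation layer itself has to police the relative path it constructs.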