Date: Wed, 30 Mar 2022 12:14:29 -0400
From: Ed Maste <emaste@freebsd.org>
To: Mathieu <sigsys@gmail.com>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: curtain: WIP sandboxing mechanism with pledge()/unveil() support
Message-ID: <CAPyFy2CK1s63-joiTACYnoiOAODHVNDk5Ahyax16BSK8moWxwg@mail.gmail.com>
In-Reply-To: <25b5c60f-b9cc-78af-86d7-1cc714232364@gmail.com>
References: <25b5c60f-b9cc-78af-86d7-1cc714232364@gmail.com>
On Mon, 28 Mar 2022 at 05:38, Mathieu <sigsys@gmail.com> wrote:
>
> Hello list. For a while I've been working on and off on a
> pledge()/unveil() implementation for FreeBSD. I also wanted it to be
> able to sandbox arbitrary programs that might not expect it with no (or
> very minor) modifications.

Interesting work - I'm happy to see development with the MAC framework and I plan to take a good look at it once I have a bit more time. I have a couple of quick comments from an initial brief look.

First, the update to pledge's declaration in crypto/openssh/openbsd-compat belongs upstream in the openssh-portable project; we'll then just pick it up with a subsequent import.

Second, following on from David Chisnall's comment about userland abstraction, there's another example of this concept in the "Super Capsicumizer 9000" at https://github.com/unrelentingtech/capsicumizer. It interposes libc and uses LD_PRELOAD, so won't work with statically linked binaries (and has other limitations), but the example it presents is sandboxing an unmodified gedit.
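The static-linking caveat above, as an added example that is neither part of this thread nor code from capsicumizer or curtain: a Python check that reads an ELF image's program headers and reports whether the run-time linker (and therefore LD_PRELOAD) will be involved at all. The function names and the constructed sample image are assumptions made for the example; a fully static binary has no PT_INTERP, and a static-PIE has PT_DYNAMIC but still no PT_INTERP, so PT_INTERP is the decisive header.

```python
"""Decide whether an ELF binary goes through the dynamic linker, i.e. whether
an LD_PRELOAD interposer can attach to it. Names here are assumptions."""
import struct

PT_DYNAMIC = 2
PT_INTERP = 3


def elf_ld_preload_check(data: bytes) -> dict:
    """LD_PRELOAD is honoured by the run-time linker named in PT_INTERP.
    A fully static binary has no PT_INTERP; a static-PIE has PT_DYNAMIC but
    still no PT_INTERP, so PT_INTERP is the decisive header."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    end = {1: "<", 2: ">"}.get(ei_data)       # ELFDATA2LSB / ELFDATA2MSB
    if end is None:
        raise ValueError("unsupported ELF data encoding")
    if ei_class == 2:                         # ELFCLASS64
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    elif ei_class == 1:                       # ELFCLASS32
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    else:
        raise ValueError("unsupported ELF class")
    # p_type is the first 32-bit field of a program header in both classes.
    types = {struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
             for i in range(e_phnum)}
    return {"has_interp": PT_INTERP in types,
            "has_dynamic": PT_DYNAMIC in types,
            "ld_preload_applies": PT_INTERP in types}


def build_sample_elf(ptypes, elf64=True) -> bytes:
    """Construct a minimal little-endian ELF image (test input only, not a
    runnable executable) whose program headers carry the given p_type values."""
    if elf64:
        ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
        hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                  64, 56, len(ptypes), 64, 0, 0)
        phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                         for t in ptypes)
    else:
        ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
        hdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0,
                                  52, 32, len(ptypes), 40, 0, 0)
        phdrs = b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, 0, 0)
                         for t in ptypes)
    return hdr + phdrs
```

Run `elf_ld_preload_check(open(path, "rb").read())` on a real binary to get the same verdict `readelf -l` would show for the INTERP entry.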