Date:      Wed, 30 Mar 2022 12:14:29 -0400
From:      Ed Maste <emaste@freebsd.org>
To:        Mathieu <sigsys@gmail.com>
Cc:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: curtain: WIP sandboxing mechanism with pledge()/unveil() support
Message-ID:  <CAPyFy2CK1s63-joiTACYnoiOAODHVNDk5Ahyax16BSK8moWxwg@mail.gmail.com>
In-Reply-To: <25b5c60f-b9cc-78af-86d7-1cc714232364@gmail.com>
References:  <25b5c60f-b9cc-78af-86d7-1cc714232364@gmail.com>

On Mon, 28 Mar 2022 at 05:38, Mathieu <sigsys@gmail.com> wrote:
>
> Hello list.  Since a while I've been working on and off on a
> pledge()/unveil() implementation for FreeBSD.  I also wanted it to be
> able to sandbox arbitrary programs that might not expect it with no (or
> very minor) modifications.

Interesting work - I'm happy to see development with the mac framework
and I plan to take a good look at it once I have a bit more time.

I have a couple of quick comments from an initial brief look. First,
the update to pledge's declaration in crypto/openssh/openbsd-compat
belongs upstream in the openssh-portable project; we'll then just pick
it up with a subsequent import. Second, following on from David
Chisnall's comment about userland abstraction, there's another example
of this concept in the "Super Capsicumizer 9000" at
https://github.com/unrelentingtech/capsicumizer. It interposes libc
and uses LD_PRELOAD, so won't work with statically linked binaries
(and has other limitations) but the example it presents is sandboxing
an unmodified gedit.
