On Fri, 22 Sep 2017 17:20:23 +0200
Michał Górny <mgorny@g.o> wrote:

> On Fri, 22.09.2017 at 12∶57 +0200, user Alexis Ballier wrote:
> > On Fri, 22 Sep 2017 06:07:18 +0200
> > Michał Górny <mgorny@g.o> wrote:
> >
> > > On Thu, 21.09.2017 at 15∶41 -0700, user Matt Turner wrote:
> > > > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny
> > > > <mgorny@g.o> wrote:
> > > > > Given that sandbox is utterly broken by design, I don't really
> > > > > want to put too much effort in trying to make it a little
> > > > > better. I'd rather put the minimal effort required to make it
> > > > > not-much-worse.
> > > >
> > > > You said in your initial email that you weren't an expert in its
> > > > internals, but here you say it's broken by design. Why do you
> > > > think that?
> > > >
> > >
> > > Because it uses LD_PRELOAD which is a huge hack and which causes
> > > guaranteed issues we can't really fix. All we can do is disable
> > > it for emacs, for compiler-rt and I'm afraid this list will grow
> > > because overriding random library functions is never a good idea.
> > >
> >
> > I think we're all ears for a better solution. There are probably
> > much better ways to do sandboxing these days than 15 years ago.
> >
> > LD_PRELOAD does not work with static binaries. Hence the non
> > portable ptrace stuff. Hence bugs. Etc. The point is, that's the
> > best we have now.
> >
>
> I know of two obvious alternatives: ptrace and filesystem layer (e.g.
> FUSE).
>
> For the former, there's sydbox. I'm going to look into integrating it
> into Portage when I have more time.

From: https://github.com/alip/pinktrace/blob/master/configure.ac
case "$host_cpu" in
i[[3456]]86|pentium)
x86?64*|amd64)
ia64)
powerpc64*)
powerpc*)
arm*)
[add support for those arches]
*)
AC_MSG_RESULT([NO!])
AC_MSG_ERROR([Architecture $host_cpu is not supported by
pinktrace]) ;;

sandbox keywords:
2.11-r5:0: ~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc
~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd


Good luck adding the missing bits!


> For the latter, I have writing one in TODO. But I'm not sure when I'll
> have enough time to do work on it.

Not sure how that would work, but you'll likely need some kind of
chroot/container since you don't want to trust a random binary ran as
root to respect environment variables.

Alexis.
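The thread's central caveat is that an LD_PRELOAD-based sandbox only covers binaries that go through the dynamic loader: a static executable never looks at LD_PRELOAD, and a static-pie binary carries a PT_DYNAMIC segment but no PT_INTERP, so it self-relocates without ld.so and is equally uncovered. The following is an added example, not code from the thread, from Gentoo's sandbox, or from sydbox/pinktrace. It reads only the ELF and program headers to tell the three cases apart, so a build system could list the executables an LD_PRELOAD sandbox cannot see. The sample images (`DYNAMIC_SAMPLE`, `STATIC_SAMPLE`, `STATIC_PIE_SAMPLE`) are constructed in-line from headers alone and are not runnable programs; the function names and the `build_elf64` helper are this example's own.

```python
"""Classify ELF images by whether the dynamic loader (and thus LD_PRELOAD) is involved.

Constructed example: header parsing only, independent of Gentoo sandbox.
"""
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
ET_EXEC, EM_X86_64 = 2, 62


def parse_program_headers(data: bytes):
    """Return [(p_type, p_offset, p_filesz)] for an ELF32 or ELF64 image of either endianness."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    end = {1: "<", 2: ">"}.get(ei_data)
    if end is None:
        raise ValueError("bad EI_DATA")
    if ei_class == 2:  # ELF64: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        if len(data) < 64:
            raise ValueError("truncated ELF64 header")
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        fmt = end + "IIQQQQQQ"  # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        pick = lambda ph: (ph[0], ph[2], ph[5])
    elif ei_class == 1:  # ELF32: e_phoff at 0x1c, e_phentsize/e_phnum at 0x2a
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        fmt = end + "IIIIIIII"  # p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align
        pick = lambda ph: (ph[0], ph[1], ph[4])
    else:
        raise ValueError("bad EI_CLASS")
    size = struct.calcsize(fmt)
    if e_phentsize < size:
        raise ValueError("program header entry too small")
    headers = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + size > len(data):
            raise ValueError("program header table truncated")
        headers.append(pick(struct.unpack_from(fmt, data, off)))
    return headers


def link_kind(data: bytes) -> str:
    """'dynamic' (uses ld.so), 'static-pie' (PT_DYNAMIC but no interpreter) or 'static'."""
    types = {t for t, _, _ in parse_program_headers(data)}
    if PT_INTERP in types:
        return "dynamic"
    return "static-pie" if PT_DYNAMIC in types else "static"


def interpreter(data: bytes):
    """Path of the program interpreter named by PT_INTERP, or None."""
    for p_type, p_offset, p_filesz in parse_program_headers(data):
        if p_type == PT_INTERP:
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None


def honours_ld_preload(data: bytes) -> bool:
    """Only images started via ld.so process LD_PRELOAD; a dynamic binary may
    still issue raw syscalls, which header inspection cannot reveal."""
    return link_kind(data) == "dynamic"


def build_elf64(segment_types, interp=b"/lib64/ld-linux-x86-64.so.2") -> bytes:
    """Construct a minimal little-endian ELF64 image (headers only, not executable)."""
    phentsize, phoff = 56, 64
    body_off = phoff + phentsize * len(segment_types)
    phdrs, body = b"", b""
    for p_type in segment_types:
        if p_type == PT_INTERP:
            phdrs += struct.pack("<IIQQQQQQ", p_type, 4, body_off + len(body), 0, 0,
                                 len(interp) + 1, len(interp) + 1, 1)
            body += interp + b"\0"
        else:
            phdrs += struct.pack("<IIQQQQQQ", p_type, 5, 0, 0, 0, 0, 0, 0)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\0" * 7
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", ET_EXEC, EM_X86_64, 1, 0, phoff, 0, 0,
                               64, phentsize, len(segment_types), 64, 0, 0)
    return ehdr + phdrs + body


# Constructed sample images, one per classification.
DYNAMIC_SAMPLE = build_elf64([PT_INTERP, PT_LOAD, PT_DYNAMIC])
STATIC_SAMPLE = build_elf64([PT_LOAD])
STATIC_PIE_SAMPLE = build_elf64([PT_LOAD, PT_DYNAMIC])


def scan(paths):
    """Yield (path, kind) for readable ELF files; non-ELF and unreadable files are skipped."""
    for path in paths:
        try:
            with open(path, "rb") as fh:
                yield path, link_kind(fh.read())
        except (OSError, ValueError):
            continue


if __name__ == "__main__":
    import sys
    for name, img in [("dynamic", DYNAMIC_SAMPLE), ("static", STATIC_SAMPLE), ("static-pie", STATIC_PIE_SAMPLE)]:
        print(f"{name:>10}: kind={link_kind(img)} interp={interpreter(img)} ld_preload={honours_ld_preload(img)}")
    for path, kind in scan(sys.argv[1:]):
        print(f"{kind:>10}: {path}")
```

Run it with a list of paths (for instance the contents of an image directory) to get the executables that fall outside LD_PRELOAD coverage; those are exactly the cases where the thread's ptrace or filesystem-layer alternatives are needed, and the docstring of `honours_ld_preload` records the further limit that header inspection cannot tell whether a dynamic binary bypasses libc with raw syscalls.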