| 1 |
Hello everyone, |
| 2 |
|
| 3 |
I've continued the work on the path sandbox. Since access holes might |
| 4 |
happen when an application resets the LD_PRELOAD variable, I've added an |
| 5 |
additional feature which can only work when the sandbox is being ran as |
| 6 |
the root user. When the sandbox is first started up by the root user, it |
| 7 |
adds the path to its glibc replacement library to the |
| 8 |
'/etc/ld.so.preload' file. Multiple root executed sandbox instances are |
| 9 |
tracked and when the last ones exits, the entry from the |
| 10 |
'/etc/ld.so.preload' file is removed. All this happens as securely as |
| 11 |
possible with the implementation of file locks and such. |
| 12 |
|
| 13 |
Due to the addition of this library to the '/etc/ld.so.preload' file, |
| 14 |
all system apps become affected by the sandbox. To prevent this from |
| 15 |
having an effect, the sandbox checks for the SANDBOX_ON environmental |
| 16 |
variable and only becomes functional if its present. |
| 17 |
|
| 18 |
To be able to implement this I've removed the prior shell wrapper and |
| 19 |
implemented everything in c. To test this out, just cd in the archive |
| 20 |
dir, run 'make' and './sandbox'. |
| 21 |
|
| 22 |
Note that the sandbox only works with dynamically linked executables and |
| 23 |
since bash in gentoo is currently statically linked, it's calls aren't |
| 24 |
traced at all. Tomorrow I'm performing some tests to examine how a |
| 25 |
dynamically linked bash could potentially interfere with library |
| 26 |
upgrades in gentoo (as requested by Daniel). |
| 27 |
|
| 28 |
Please test this out and provide feedback, |
| 29 |
|
| 30 |
Geert Bevin |
| 31 |
|
| 32 |
-- |
| 33 |
Geert Bevin |
| 34 |
the Leaf sprl/bvba |
| 35 |
"Use what you need" Pierre Theunisstraat 1/47 |
| 36 |
http://www.theleaf.be 1030 Brussels |
| 37 |
gbevin@×××××××.be Tel & Fax +32 2 241 19 98 |
Archives