Hello everyone,

I've continued the work on the path sandbox. Since access holes might
happen when an application resets the LD_PRELOAD variable, I've added an
additional feature which can only work when the sandbox is being run as
the root user. When the sandbox is first started up by the root user, it
adds the path to its glibc replacement library to the
'/etc/ld.so.preload' file. Multiple root-executed sandbox instances are
tracked and when the last one exits, the entry from the
'/etc/ld.so.preload' file is removed. All this happens as securely as
possible with the implementation of file locks and such.

Due to the addition of this library to the '/etc/ld.so.preload' file,
all system apps become affected by the sandbox. To prevent this from
having an effect, the sandbox checks for the SANDBOX_ON environmental
variable and only becomes functional if it's present.

To be able to implement this I've removed the prior shell wrapper and
implemented everything in C. To test this out, just cd in the archive
dir, run 'make' and './sandbox'.

Note that the sandbox only works with dynamically linked executables and
since bash in Gentoo is currently statically linked, its calls aren't
traced at all. Tomorrow I'm performing some tests to examine how a
dynamically linked bash could potentially interfere with library
upgrades in Gentoo (as requested by Daniel).

Please test this out and provide feedback,

Geert Bevin

--
Geert Bevin
the Leaf sprl/bvba
"Use what you need" Pierre Theunisstraat 1/47
http://www.theleaf.be 1030 Brussels
gbevin@×××××××.be Tel & Fax +32 2 241 19 98
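
The registration scheme described in the message (add the library path when the first instance starts, remove it when the last one exits, all under a file lock), as an added example that is not the sandbox's own code. It assumes flock() locking, a separate counter file and one entry per line, and takes the list path as a parameter; the names preload_ref, rewrite_list and list_has are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Rewrite `list` without `lib`, appending it again if `add` is set. The new
   content goes to a temp file that is rename()d into place, so a concurrent
   reader never sees a half-written list. Assumes one entry per line. */
static int rewrite_list(const char *list, const char *lib, int add) {
    char tmp[4096], line[4096];
    snprintf(tmp, sizeof tmp, "%s.tmp", list);
    FILE *in = fopen(list, "r"), *out = fopen(tmp, "w");
    if (!out) { if (in) fclose(in); return -1; }
    while (in && fgets(line, sizeof line, in)) {
        line[strcspn(line, "\n")] = '\0';
        if (line[0] && strcmp(line, lib) != 0) fprintf(out, "%s\n", line);
    }
    if (in) fclose(in);
    if (add) fprintf(out, "%s\n", lib);
    if (fclose(out) != 0) return -1;
    return rename(tmp, list);
}

/* delta is +1 when an instance starts and -1 when it exits. The counter file
   stays under an exclusive flock() for the whole update. Returns the new
   instance count, or -1 on error. */
int preload_ref(const char *list, const char *counter, const char *lib, int delta) {
    char buf[32] = "";
    int fd = open(counter, O_RDWR | O_CREAT, 0600), rc = 0;
    if (fd < 0) return -1;
    if (flock(fd, LOCK_EX) != 0) { close(fd); return -1; }
    ssize_t n = read(fd, buf, sizeof buf - 1);
    int old = n > 0 ? atoi(buf) : 0;
    int now = old + delta < 0 ? 0 : old + delta;
    if (old == 0 && now > 0) rc = rewrite_list(list, lib, 1);      /* first instance */
    else if (old > 0 && now == 0) rc = rewrite_list(list, lib, 0); /* last instance */
    if (rc == 0) {
        n = snprintf(buf, sizeof buf, "%d\n", now);
        if (ftruncate(fd, 0) != 0 || pwrite(fd, buf, (size_t)n, 0) != n) rc = -1;
    }
    close(fd); /* closing the descriptor releases the lock */
    return rc == 0 ? now : -1;
}

/* Returns 1 if `lib` is an entry in `list`, else 0. */
int list_has(const char *list, const char *lib) {
    char line[4096]; int hit = 0; FILE *in = fopen(list, "r");
    while (in && fgets(line, sizeof line, in)) { line[strcspn(line, "\n")] = '\0'; if (!strcmp(line, lib)) hit = 1; }
    if (in) fclose(in);
    return hit;
}
```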