Gentoo Archives: gentoo-dev

From: Sergei Trofimovich <slyfox@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Reviving the Sandbox project
Date: Fri, 22 Sep 2017 11:39:11
Message-Id: 20170922123854.179f605c@sf
In Reply to: Re: [gentoo-dev] Reviving the Sandbox project by Alexis Ballier
On Fri, 22 Sep 2017 12:57:21 +0200
Alexis Ballier <aballier@g.o> wrote:

> On Fri, 22 Sep 2017 06:07:18 +0200
> Michał Górny <mgorny@g.o> wrote:
>
> > On Thu, 21.09.2017 at 15∶41 -0700, user Matt Turner
> > wrote:
> > > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny <mgorny@g.o>
> > > wrote:
> > > > Given that sandbox is utterly broken by design, I don't really
> > > > want to put too much effort in trying to make it a little better.
> > > > I'd rather put the minimal effort required to make it
> > > > not-much-worse.
> > >
> > > You said in your initial email that you weren't an expert in its
> > > internals, but here you say it's broken by design. Why do you think
> > > that?
> > >
> >
> > Because it uses LD_PRELOAD which is a huge hack and which causes
> > guaranteed issues we can't really fix. All we can do is disable it for
> > emacs, for compiler-rt and I'm afraid this list will grow because
> > overriding random library functions is never a good idea.
> >
>
> I think we're all ears for a better solution. There are probably much
> better ways to do sandboxing these days than 15 years ago.
>
> LD_PRELOAD does not work with static binaries. Hence the non
> portable ptrace stuff. Hence bugs. Etc. The point is, that's the
> best we have now.

Some other distros try harder to isolate the build environment, either
through chroot and/or a private mount/user/network namespace that
contains only explicitly specified files in the build environment.

That would require more cooperation from the package manager to fetch
the list of all visible depends.
Don't know if a drop-in replacement could be implemented for sandbox
that way. I like clear sandbox error reporting.
43
--

Sergei
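The namespace-based isolation Sergei describes, as an added example rather than code from Gentoo's sandbox or from anyone in the thread: a build command runs in private user, mount and network namespaces over an empty tmpfs root, and only the host paths explicitly listed (the "visible depends" a package manager would compute) are bind-mounted in; everything else, including the network, is simply absent, which is what LD_PRELOAD cannot guarantee for static binaries. It assumes util-linux `unshare` and `mount`, coreutils `chroot`, and a kernel that permits unprivileged user namespaces.

```shell
#!/bin/sh
# isolated_build ROOT CMD ALLOWED_PATH...
#   ROOT  - an existing empty directory; a private tmpfs is mounted over it
#   CMD   - shell command to run inside the isolated root (as mapped root)
#   rest  - host paths that may be visible inside; nothing else is
# Hypothetical helper written for this example, not Gentoo sandbox code.
isolated_build() {
    root=$1; cmd=$2; shift 2
    # --user/--map-root-user: unprivileged user namespace, uid 0 inside it
    # --mount: private mount table, so our mounts never leak to the host
    # --net:   fresh network namespace with no interfaces (no network access)
    unshare --user --map-root-user --mount --net sh -e -c '
        root=$1; cmd=$2; shift 2
        # Fresh, empty root; the host filesystem is not reachable from it.
        mount -t tmpfs -o nosuid,nodev tmpfs "$root"
        for p in "$@"; do
            [ -e "$p" ] || continue            # skip paths absent on this host
            if [ -d "$p" ]; then
                mkdir -p "$root$p"
            else
                mkdir -p "$root$(dirname "$p")"
                : > "$root$p"                  # mount point for a single file
            fi
            mount --bind "$p" "$root$p"        # expose exactly this path
        done
        mkdir -p "$root/tmp"
        mount -t tmpfs tmpfs "$root/tmp"       # scratch space for the build
        # chroot(8) lives in /usr/sbin on some distros; extend PATH for it.
        PATH="$PATH:/usr/sbin:/sbin"
        cd "$root" && exec chroot . /bin/sh -c "$cmd"
    ' sh "$root" "$cmd" "$@"
}

# Usage: sh this_script.sh --demo   (lists what the build sees as /)
if [ "${1-}" = "--demo" ]; then
    demo_root=$(mktemp -d)
    isolated_build "$demo_root" 'ls /' /bin /lib /lib64 /usr
fi
```

Unlike the LD_PRELOAD shim, a violation here is not an access that was intercepted but a path that does not exist, so error reporting has to be built from the build log (e.g. ENOENT on a path the package never listed) rather than from a sandbox hook.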

Replies

Subject Author
Re: [gentoo-dev] Reviving the Sandbox project Alexis Ballier <aballier@g.o>
Re: [gentoo-dev] Reviving the Sandbox project Rich Freeman <rich0@g.o>