Re: the easy way to sandbox?

From: Mihai DonÈu
Date: Mon May 21 2012 - 12:52:28 EST

Next message: Linus Torvalds: "Re: Plumbers: Tweaking scheduler policy micro-conf RFP"
Previous message: Dimitri Sivanich: "[PATCH] x86: check for valid irq_cfg pointer insmp_irq_move_cleanup_interrupt"
In reply to: ivo welch: "the easy way to sandbox?"
Next in thread: Alan Cox: "Re: the easy way to sandbox?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 21 May 2012 09:28:13 -0700 ivo welch wrote:
> Suggestion: introduce a system call that eliminates access to all
> real file systems for the current process. the only permissible
> interaction would be stdin, stdout, and stderr.
>
> this would make it very simple to write a sandboxed safe fcgi script.
> the script could load all the dynamic libraries and data it wants, and
> then call this no-more-filesystem-access feature (preferably allowable
> without root privileges). thereafter, even if a hacker takes control
> of the script, not much permanent damage can happen.
>
> right now, it is much more complex to accomplish this---which is why
> sandboxing cgi scripts is not used too often.
>

Check this out: http://en.wikipedia.org/wiki/Seccomp

--
Mihai DonÈu
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: Plumbers: Tweaking scheduler policy micro-conf RFP"
Previous message: Dimitri Sivanich: "[PATCH] x86: check for valid irq_cfg pointer insmp_irq_move_cleanup_interrupt"
In reply to: ivo welch: "the easy way to sandbox?"
Next in thread: Alan Cox: "Re: the easy way to sandbox?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]