Re: the easy way to sandbox?
From: Mihai DonÈu
Date: Mon May 21 2012 - 12:52:28 EST
On Mon, 21 May 2012 09:28:13 -0700 ivo welch wrote:
> Suggestion: introduce a system call that eliminates access to all
> real file systems for the current process. the only permissible
> interaction would be stdin, stdout, and stderr.
>
> this would make it very simple to write a sandboxed safe fcgi script.
> the script could load all the dynamic libraries and data it wants, and
> then call this no-more-filesystem-access feature (preferably allowable
> without root privileges). thereafter, even if a hacker takes control
> of the script, not much permanent damage can happen.
>
> right now, it is much more complex to accomplish this---which is why
> sandboxing cgi scripts is not used too often.
>
Check this out: http://en.wikipedia.org/wiki/Seccomp
--
Mihai DonÈu
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/