Re: the easy way to sandbox?

From: Alan Cox
Date: Mon May 21 2012 - 14:50:03 EST


On Mon, 21 May 2012 09:28:13 -0700
ivo welch <ivo.welch@xxxxxxxxxxxxxxxxx> wrote:

> Suggestion: introduce a system call that eliminates access to all
> real file systems for the current process. The only permissible
> interaction would be stdin, stdout, and stderr.
>
> This would make it very simple to write a sandboxed safe fcgi script.

No, it wouldn't, because of things like ptrace.

Sandboxing done right is *hard*. SELinux and the other security setups
can do it. Containers can do interesting stuff in this space. Probably
the distros sometimes need to package the tools for it better.

Take a look at some of the cloud service code people have published.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/