Re: curtain: WIP sandboxing mechanism with pledge()/unveil() support
Date: Wed, 30 Mar 2022 16:14:29 UTC
On Mon, 28 Mar 2022 at 05:38, Mathieu <sigsys@gmail.com> wrote:
>
> Hello list. For a while I've been working on and off on a
> pledge()/unveil() implementation for FreeBSD. I also wanted it to be
> able to sandbox arbitrary programs that might not expect it with no (or
> very minor) modifications.

Interesting work - I'm happy to see development with the MAC framework and I plan to take a good look at it once I have a bit more time. I have a couple of quick comments from an initial brief look.

First, the update to pledge's declaration in crypto/openssh/openbsd-compat belongs upstream in the openssh-portable project; we'll then just pick it up with a subsequent import.

Second, following on from David Chisnall's comment about userland abstraction, there's another example of this concept in the "Super Capsicumizer 9000" at https://github.com/unrelentingtech/capsicumizer. It interposes libc and uses LD_PRELOAD, so it won't work with statically linked binaries (and has other limitations), but the example it presents is sandboxing an unmodified gedit.