1. 15
  1.  

  2. 2

    This is cool!

    Several years ago I tried to build a package manager that build packages in a sandbox. I ended up hacking on an earl version of this tool:

    https://linux.die.net/man/8/linux-user-chroot

    It has an --unshare-net flag, which uses Linux namespaces. How does that compare to using seccomp BPF? Of course the latter gives you more control, but it seems like you may not be using the control?

    I think this tool was built for similar purposes (restricting what builds can do), although I haven’t used it in awhile.

    And I also wonder why you chose to make it a shared object loaded into bash rather than an external command? In addition to linux-user-chroot, there is also system-nspawn, etc. which work in a similar fashion.

    I would like https://www.oilshell.org/ to have some process sandboxing features like this. But I think they can mostly go in a separate tool. Though I haven’t decided on what exactly that looks like.

    1. 3

      One advantage of seccomp here is that it doesn’t require any additional privileges where I’m not sure if unshare does.

      I chose to make it a shared object so that it could fit into the existing build process as “just another step”, if I had to execute a command I would need to modify the build process to re-exec itself between the “download” and “build” phases, here I just drop the privilege in the build script process and everything else follows.

      In previous sandboxes I used UML to fake being privileged and could drop networking just by shutting down the emulated network adapter. http://www.rkeene.org/viewer/tmp/fakeroot.sh.htm

      1. 1

        One advantage of seccomp here is that it doesn’t require any additional privileges where I’m not sure if unshare does.

        I’ve had problems with unshare before, and actually wrote a program for filtering syscalls based on seccomp to avoid those issues. I’ve written about it here.

    2. 1

      Really good stuff, TCL with seccomp is a combination I can get behind! :)

      Flicking through your other blog posts you are atypical (not ‘broken’ like…the others) so interested to hear why you picked this approach over using iptables (owner match), a PBR (ip rule with uid match) to a routing table with no default route, ptrace, DNS blocking, or HTTP(S) proxy to do the checksum validation, …

      Valid answers do include “provided me a good excuse to tinker with this” :)

      Would like to hear your thoughts on comparing this to the various (limitless) alternative ways this could have been done and anything you thought was “wish I had tried something else”?

      After all, different strokes for different folks…

      1. 1

        My build process doesn’t involve any special privileges and may be running multiple builds at the same time by the same UID so downloads from one process (but same UID) may need to work while another process (same UID) may need to be restricted.

        The other solution being used immediately prior to this was an LD_PRELOAD hack to disable the socket function, however this did not affect static binaries and things using 32-bit processes couldn’t load it.

      2. 1

        For most practical uses, you can easily filter by system call (one by one or in groups) and by namespace using systemd unit files or systemd-nspawn or firejail

        1. 1

          This change in disposition needs to happen in the middle of a build script. These other solutions are not that great at this. Firejail can use seccomp as well, but this can be loaded into an existing bash script at any time.

          1. 1

            That’s why I wrote “for most practical uses”: most developers don’t want to implement sandboxing and we are left to sandbox processes externally.

            1. 1

              Sometimes, however, it’s needed as in the example in the article. And when it’s needed a good DSL makes a huge difference in writing working rules.

              1. 1

                Indeed. I’ve been looking at https://landlock.io/talks/2019-09-12_landlock-summary.pdf as a more flexible sandbox than just seccomp. Besides, I’d love to see sandboxing integrated into programming languages.