From: "Mike Frysinger"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger"
Message-ID: <1634536459.e4d2550791a820305ba4d86eb511c4539860b918.vapier@gentoo>
Subject: [gentoo-commits] proj/sandbox:master commit in: /
X-VCS-Repository: proj/sandbox
X-VCS-Files: README.md
X-VCS-Directories: /
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
X-VCS-Revision: e4d2550791a820305ba4d86eb511c4539860b918
X-VCS-Branch: master
Date: Mon, 18 Oct 2021 08:48:46 +0000 (UTC)

commit:     e4d2550791a820305ba4d86eb511c4539860b918
Author:     Mike Frysinger gentoo org>
AuthorDate: Mon Oct 18 05:54:19 2021 +0000
Commit:     Mike Frysinger gentoo org>
CommitDate: Mon Oct 18 05:54:19 2021 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e4d25507

README: document requirements & limitations

Start outlining what each method requires so people can choose.

Signed-off-by: Mike Frysinger gentoo.org>

 README.md | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 52 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index a79eaa3..bf15128 100644
--- a/README.md
+++ b/README.md
@@ -23,5 +23,55 @@ access that is not permitted is logged and we return an error to the application. Any access that is permitted is of course forwarded along to the real C library. -In case of static ELF binary sandbox traces eecuted binary with ptrace() system -call. +Static ELFs and setuid/setgid programs are executed with +[ptrace()](https://man7.org/linux/man-pages/man2/ptrace.2.html) instead. + +## Availability + +Sandbox supports multiple monitoring methods, but not all are available in all +system configurations. + +### preload + +The in-process LD_PRELOAD method should be available on any reasonable ELF-based +system as long as it uses dynamic linking. Statically linked programs will run, +but will not be monitored, nor will set*id programs (because the C library will +clear LD_PRELOAD first). + +Multiple ABIs are supported (e.g. x86 32-bit & 64-bit). + +It has been tested & known to work with: +* Architecture + * They all should work! +* Operating system + * [Linux](https://kernel.org/) 2.4+ +* C library + * [GNU C library (glibc)](https://www.gnu.org/software/libc/) 2.2+ + * [uClibc](https://uclibc.org/) 0.9.26+ + * [musl](https://musl.libc.org/) 0.9.9+ + +### ptrace + +The out-of-process ptrace method is available on Linux systems, works with +dynamic & static linking, and supports set*id programs (by forcing them to run +without any elevated privileges). + +Multiple personalities are supported (e.g. PowerPC 32-bit & 64-bit). + +NB: Does not work in userland emulators (e.g. QEMU) which do not provide ptrace +emulation. + +It requires: +* Architecture + * Alpha + * ARM (32-bit EABI) + * Blackfin + * HPPA/PA-RISC (32-bit) + * Itanium + * PowerPC (32-bit & 64-bit) + * s390 (32-bit & 64-bit) + * x86 (32-bit & 64-bit & x32) +* Operating system + * [Linux](https://kernel.org/) 2.6.20+ +* C library + * They all should work!
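Review bot: in the preload subsection, "Statically linked programs will run, but will not be monitored, nor will set*id programs" reads as if those programs escape sandboxing entirely, while the paragraph just above says "Static ELFs and setuid/setgid programs are executed with ptrace() instead"; state explicitly that this is a limitation of the preload method alone and that sandbox falls back to the ptrace method for them, so a reader choosing between the two methods does not conclude that static or set*id builds go unmonitored. In the ptrace subsection, "supports set*id programs (by forcing them to run without any elevated privileges)" deserves one more sentence on the consequence: a set*id program that actually needs its elevated privileges will fail or behave differently under the tracer, which is exactly the trade-off someone picking this method for such a program needs to know. Finally, the two lists are introduced differently ("It has been tested & known to work with:" for preload versus "It requires:" for ptrace) even though both end with "They all should work!", and the ABI note uses two terms for the same idea ("Multiple ABIs are supported" versus "Multiple personalities are supported"); using one lead-in and one term in both subsections would make them directly comparable.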