public inbox for gentoo-dev@lists.gentoo.org
From: Geert Bevin <gbevin@theleaf.be>
To: gentoo-dev@gentoo.org
Subject: [gentoo-dev] new path sandbox version
Date: 03 Dec 2001 01:43:29 +0100
Message-ID: <1007340210.2268.0.camel@inspiron.theleaf.office>

[-- Attachment #1: Type: text/plain, Size: 1623 bytes --]

Hello everyone,

I've continued the work on the path sandbox. Since access holes might
happen when an application resets the LD_PRELOAD variable, I've added an
additional feature which can only work when the sandbox is being run as
the root user. When the sandbox is first started up by the root user, it
adds the path to its glibc replacement library to the
'/etc/ld.so.preload' file. Multiple root executed sandbox instances are
tracked and when the last one exits, the entry from the
'/etc/ld.so.preload' file is removed. All this happens as securely as
possible with the implementation of file locks and such.

Due to the addition of this library to the '/etc/ld.so.preload' file,
all system apps become affected by the sandbox. To prevent this from
having an effect, the sandbox checks for the SANDBOX_ON environmental
variable and only becomes functional if it's present.

To be able to implement this I've removed the prior shell wrapper and
implemented everything in C. To test this out, just cd in the archive
dir, run 'make' and './sandbox'.

Note that the sandbox only works with dynamically linked executables and
since bash in Gentoo is currently statically linked, its calls aren't
traced at all. Tomorrow I'm performing some tests to examine how a
dynamically linked bash could potentially interfere with library
upgrades in Gentoo (as requested by Daniel).

Please test this out and provide feedback,

Geert Bevin

-- 
Geert Bevin
the Leaf sprl/bvba
"Use what you need"           Pierre Theunisstraat 1/47
http://www.theleaf.be         1030 Brussels
gbevin@theleaf.be             Tel & Fax +32 2 241 19 98

[-- Attachment #2: sandbox-20011203.tar.bz2 --]
[-- Type: application/x-bzip, Size: 7156 bytes --]
