From: Michał Górny
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Reviving the Sandbox project
Date: Fri, 22 Sep 2017 17:20:23 +0200
Message-ID: <1506093623.1104.1.camel@gentoo.org>
In-Reply-To: <20170922125721.2fc2f243@gentoo.org>

On Fri, 22.09.2017 at 12:57 +0200, Alexis Ballier wrote:
> On Fri, 22 Sep 2017 06:07:18 +0200
> Michał Górny wrote:
>
> > On Thu, 21.09.2017 at 15:41 -0700, Matt Turner wrote:
> > > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny wrote:
> > > > Given that sandbox is utterly broken by design, I don't really
> > > > want to put too much effort in trying to make it a little better.
> > > > I'd rather put the minimal effort required to make it
> > > > not-much-worse.
> > >
> > > You said in your initial email that you weren't an expert in its
> > > internals, but here you say it's broken by design. Why do you think
> > > that?
> >
> > Because it uses LD_PRELOAD, which is a huge hack and which causes
> > guaranteed issues we can't really fix. All we can do is disable it for
> > emacs, for compiler-rt, and I'm afraid this list will grow because
> > overriding random library functions is never a good idea.
>
> I think we're all ears for a better solution. There are probably much
> better ways to do sandboxing these days than 15 years ago.
>
> LD_PRELOAD does not work with static binaries. Hence the non-portable
> ptrace stuff. Hence bugs. Etc. The point is, that's the best we have
> now.

I know of two obvious alternatives: ptrace and a filesystem layer (e.g.
FUSE). For the former, there's sydbox. I'm going to look into
integrating it into Portage when I have more time. For the latter, I
have writing one in my TODO. But I'm not sure when I'll have enough
time to do work on it.

--
Best regards,
Michał Górny
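To make the mechanism the thread is arguing about concrete, here is an added example (not the Gentoo sandbox's own code) of the LD_PRELOAD approach: an interposed open() that refuses writes outside a set of allowed directories. It assumes Linux/glibc; the prefix list and the helper names sandbox_write_allowed and sandbox_check_open are constructed for this example.

```c
/* Added example, not Gentoo sandbox's code: an LD_PRELOAD-style write interposer. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Constructed policy: writes are allowed only under these prefixes. */
static const char *const write_allowed[] = { "/tmp/", "/var/tmp/", NULL };

/* 1 if `path` is absolute, free of ".." components and under an allowed prefix.
   A real sandbox would also resolve symlinks; this example does not. */
int sandbox_write_allowed(const char *path)
{
    size_t n = strlen(path);
    if (path[0] != '/' || strstr(path, "/../") || (n >= 3 && !strcmp(path + n - 3, "/..")))
        return 0;
    for (const char *const *p = write_allowed; *p; p++)
        if (strncmp(path, *p, strlen(*p)) == 0)
            return 1;
    return 0;
}

/* Read-only opens pass; anything that writes, creates or truncates must match. */
int sandbox_check_open(const char *path, int flags)
{
    int writes = (flags & O_ACCMODE) != O_RDONLY || (flags & (O_CREAT | O_TRUNC));
    return !writes || sandbox_write_allowed(path);
}

/* The interposed open(). With the object LD_PRELOADed, the dynamic linker resolves a
   dynamically linked program's open() here; a static binary, or code that issues the
   syscall itself, never reaches this function, which is the gap discussed above. */
int open(const char *path, int flags, ...)
{
    mode_t mode = 0;
    if ((flags & O_CREAT) || (flags & O_TMPFILE) == O_TMPFILE) {
        va_list ap;
        va_start(ap, flags);
        mode = va_arg(ap, mode_t);
        va_end(ap);
    }
    if (!sandbox_check_open(path, flags)) {
        errno = EACCES;  /* the real sandbox also logs the violation */
        return -1;
    }
    /* Forward to the kernel directly rather than via dlsym(RTLD_NEXT), so it cannot recurse. */
    return (int)syscall(SYS_openat, AT_FDCWD, path, flags, mode);
}
```

Built with `gcc -shared -fPIC -o libsbx.so sbx.c` and set as `LD_PRELOAD=./libsbx.so`, it intercepts open() only in dynamically linked programs, which is exactly why the thread brings up static binaries and ptrace.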