public inbox for gentoo-dev@lists.gentoo.org
From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Reviving the Sandbox project
Date: Fri, 22 Sep 2017 19:39:16 +0200
Message-ID: <1506101956.1104.3.camel@gentoo.org>
In-Reply-To: <20170922191526.0c25a46e@gentoo.org>

On Fri, 22.09.2017 at 19:15 +0200, Alexis Ballier wrote:
> On Fri, 22 Sep 2017 17:20:23 +0200
> Michał Górny <mgorny@gentoo.org> wrote:
> 
> > On Fri, 22.09.2017 at 12:57 +0200, Alexis Ballier wrote:
> > > On Fri, 22 Sep 2017 06:07:18 +0200
> > > Michał Górny <mgorny@gentoo.org> wrote:
> > >   
> > > > On Thu, 21.09.2017 at 15:41 -0700, Matt Turner wrote:
> > > > > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny
> > > > > <mgorny@gentoo.org> wrote:    
> > > > > > Given that sandbox is utterly broken by design, I don't really
> > > > > > want to put too much effort in trying to make it a little
> > > > > > better. I'd rather put the minimal effort required to make it
> > > > > > not-much-worse.    
> > > > > 
> > > > > You said in your initial email that you weren't an expert in its
> > > > > internals, but here you say it's broken by design. Why do you
> > > > > think that?
> > > > >     
> > > > 
> > > > Because it uses LD_PRELOAD which is a huge hack and which causes
> > > > guaranteed issues we can't really fix. All we can do is disable
> > > > it for emacs, for compiler-rt and I'm afraid this list will grow
> > > > because overriding random library functions is never a good idea.
> > > >   
> > > 
> > > I think we're all ears for a better solution. There are probably
> > > much better ways to do sandboxing these days than 15 years ago.
> > > 
> > > LD_PRELOAD does not work with static binaries. Hence the
> > > non-portable ptrace stuff. Hence bugs. Etc. The point is, that's the
> > > best we have now.
> > >   
> > 
> > I know of two obvious alternatives: ptrace and filesystem layer (e.g.
> > FUSE).
> > 
> > For the former, there's sydbox. I'm going to look into integrating it
> > into Portage when I have more time.
> 
> From: https://github.com/alip/pinktrace/blob/master/configure.ac
> case "$host_cpu" in
> i[[3456]]86|pentium)
> x86?64*|amd64)
> ia64)
> powerpc64*)
> powerpc*)
> arm*)
>  [add support for those arches]
> *)
> 	AC_MSG_RESULT([NO!])
> 	AC_MSG_ERROR([Architecture $host_cpu is not supported by
> pinktrace]) ;;
> 
> sandbox keywords:
> 2.11-r5:0: ~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc
>  ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd
> 
> 
> Good luck adding the missing bits!
> 
> 
> > For the latter, I have writing one in my TODO. But I'm not sure when
> > I'll have enough time to do work on it.
> 
> Not sure how that would work, but you'll likely need some kind of
> chroot/container since you don't want to trust a random binary run as
> root to respect environment variables.
> 

Environment variables? What for?

-- 
Best regards,
Michał Górny
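
The limitation quoted above, that LD_PRELOAD does not work with static binaries, can be checked per file: the preload is processed by the dynamic loader, which the kernel only starts for ELF images carrying a PT_INTERP program header. The following is an added example, not code from this thread or from the sandbox project; the function names and the sample images are constructed for illustration.

```python
import struct
import sys

PT_INTERP = 3  # program header naming the dynamic loader (ld.so)

def elf_program_types(image):
    """Return the p_type of every program header in an ELF image."""
    if image[:4] != b"\x7fELF" or len(image) < 6:
        raise ValueError("not an ELF image")
    if image[4] not in (1, 2) or image[5] not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    end = "<" if image[5] == 1 else ">"
    try:
        if image[4] == 2:  # ELF64: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
            (phoff,) = struct.unpack_from(end + "Q", image, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", image, 0x36)
        else:              # ELF32: e_phoff at 0x1c, e_phentsize/e_phnum at 0x2a
            (phoff,) = struct.unpack_from(end + "I", image, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", image, 0x2A)
        # p_type is the first 32-bit word of a program header in both classes
        return [struct.unpack_from(end + "I", image, phoff + i * phentsize)[0]
                for i in range(phnum)]
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc

def preload_can_intercept(image):
    """True if the kernel will start ld.so for this image, so LD_PRELOAD is read."""
    return PT_INTERP in elf_program_types(image)

def make_elf64(p_types):
    """Constructed sample: little-endian ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0,
                         64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

# Constructed samples: PT_LOAD=1, PT_DYNAMIC=2, PT_INTERP=3, PT_PHDR=6
DYNAMIC = make_elf64([6, 3, 1, 1, 2])
STATIC = make_elf64([1, 1])
STATIC_PIE = make_elf64([1, 1, 2])  # relocates itself, still no ld.so

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. every executable in an image directory
        with open(path, "rb") as fh:
            try:
                ok = preload_can_intercept(fh.read())
            except ValueError:
                continue  # scripts and data files are not ELF
            print(path, "preload applies" if ok else "preload skipped (static)")
```

Run against the files a build installs or executes, it lists the binaries an LD_PRELOAD-based sandbox cannot observe and that therefore need the ptrace path or another mechanism.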


