From: Alexis Ballier
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Reviving the Sandbox project
Date: Fri, 22 Sep 2017 12:57:21 +0200
Message-ID: <20170922125721.2fc2f243@gentoo.org>
In-Reply-To: <1506053238.1115.0.camel@gentoo.org>
References: <1506023769.15165.14.camel@gentoo.org> <1506025998.3293.1.camel@gentoo.org> <1506027262.15165.15.camel@gentoo.org> <1506028054.8561.1.camel@gentoo.org> <1506029117.15165.17.camel@gentoo.org> <1506053238.1115.0.camel@gentoo.org>

On Fri, 22 Sep 2017 06:07:18 +0200 Michał Górny wrote:
> On Thu, 21.09.2017 at 15:41 -0700, Matt Turner wrote:
> > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny wrote:
> > > Given that sandbox is utterly broken by design, I don't really
> > > want to put too much effort in trying to make it a little better.
> > > I'd rather put the minimal effort required to make it
> > > not-much-worse.
> >
> > You said in your initial email that you weren't an expert in its
> > internals, but here you say it's broken by design. Why do you think
> > that?
>
> Because it uses LD_PRELOAD which is a huge hack and which causes
> guaranteed issues we can't really fix. All we can do is disable it for
> emacs, for compiler-rt and I'm afraid this list will grow because
> overriding random library functions is never a good idea.

I think we're all ears for a better solution. There are probably much better ways to do sandboxing these days than 15 years ago.

LD_PRELOAD does not work with static binaries. Hence the non-portable ptrace stuff. Hence bugs. Etc.

The point is, that's the best we have now.

Alexis.
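Added example, not part of this thread and not code from the Gentoo sandbox project: the limitation Alexis names (LD_PRELOAD is ignored for static binaries) comes down to whether the executable carries a PT_INTERP program header, so a preload-based sandbox can check that up front and know when it must fall back to another mechanism. The two ELF images below are constructed inline for offline testing; the interpreter path and header values are sample values, not taken from any real binary.

```python
"""Check whether an ELF executable can be reached by an LD_PRELOAD sandbox.
The dynamic loader honours LD_PRELOAD only for executables with a PT_INTERP
header; a statically linked binary has none, so the sandbox never sees it."""
import struct

PT_INTERP = 3
PT_DYNAMIC = 2


def elf_program_headers(data):
    """Yield (p_type, p_offset, p_filesz) for every program header in an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                    # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian, 2 = big-endian
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if is64:   # Elf64_Phdr: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, ...
            p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", data, off)
        else:      # Elf32_Phdr: p_type, p_offset, p_vaddr, p_paddr, p_filesz, ...
            p_type, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIIII", data, off)
        yield p_type, p_offset, p_filesz


def preload_applies(data):
    """Return (True, interpreter path) if the loader would honour LD_PRELOAD, else (False, None)."""
    for p_type, p_offset, p_filesz in elf_program_headers(data):
        if p_type == PT_INTERP:
            interp = data[p_offset:p_offset + p_filesz].split(b"\0", 1)[0]
            return True, interp.decode()
    return False, None


def _fake_elf64(phdrs, tail=b""):
    """Constructed minimal ELF64 image (header, program headers, interp string) for testing."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs) + tail


INTERP = b"/lib64/ld-linux-x86-64.so.2\0"   # sample interpreter path (constructed)
# Dynamic executable: PT_INTERP pointing just past the two program headers, plus PT_DYNAMIC.
DYNAMIC_SAMPLE = _fake_elf64([(PT_INTERP, 4, 64 + 2 * 56, 0, 0, len(INTERP), len(INTERP), 1),
                              (PT_DYNAMIC, 6, 0, 0, 0, 0, 0, 8)], INTERP)
# Static executable: a single PT_LOAD (type 1) and no interpreter at all.
STATIC_SAMPLE = _fake_elf64([(1, 5, 0, 0, 0, 0, 0, 0x1000)])
```

On a real file, read it in binary mode and pass the bytes to `preload_applies`; a `(False, None)` result means the preload shim will not be loaded and a ptrace-style fallback is the only way to observe that process.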