Adam Langley (author)
Sun Jun 07 17:44:01 -0700 2009
commit e146336a1d17d53b02fa34e1a083a95b5d882d06
tree c0d8c74d8375a84b248eabf28ee338edbc23b42b
parent b8fd2e3fd44eccd316ba3fbdf9c69846c90b6163
| name | age | message |
|---|---|---|
| Makefile | Sun Jun 07 17:37:56 -0700 2009 | |
| README | Sun Jun 07 17:44:01 -0700 2009 | |
| dia1.svg | Sun Jun 07 17:37:56 -0700 2009 | |
| dia2.svg | Sun Jun 07 17:37:56 -0700 2009 | |
| example-sandbox1.sb | Sun Jun 07 17:37:56 -0700 2009 | |
| example-sandbox2.sb | Sun Jun 07 17:37:56 -0700 2009 | |
| kernel-patch.diff | Sun Jun 07 17:37:56 -0700 2009 | |
| lsmsb-as.cc | Sun Jun 07 17:37:56 -0700 2009 | |
| lsmsb-install.c | Sun Jun 07 17:37:56 -0700 2009 | |
| lsmsb.aw | Sun Jun 07 17:37:56 -0700 2009 | |
| lsmsb.c | Sun Jun 07 17:37:56 -0700 2009 | |
| lsmsb.html | Sun Jun 07 17:37:56 -0700 2009 | |
| lsmsb_external.h | Sun Jun 07 17:37:56 -0700 2009 | |
| style.css | Sun Jun 07 17:37:56 -0700 2009 | |
README
A Linux Sandboxing Scheme
This is LSMSB, a sandboxing scheme for Linux based on the ideas of the OS X
sandbox (which, in turn, was inspired by TrustedBSD and FreeBSD).
Imagine that you're working on a university computer and you get a binary which
promises to do some fiendishly complex calculation, reading from a file ./input
and writing to a file ./output. It also talks to a specific server to access a
pre-computed lookup table. You want to run it, but you don't want to have to
trust that it won't do anything malicious (save giving the wrong answer).
This code is incomplete, but currently you can take a sandbox specification
like this:
  filter dentry-open {
    constants {
      var etc-prefix bytestring = "/etc/";
    }

    ldc r2,etc-prefix;
    isprefixof r2,r2,r0;
    jc r2,#fail;
    ldi r0,1;
    ret r0;

  #fail:
    ldi r0,0;
    ret r0;
  }
... and use it to remove access to /etc.
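As an added illustration, and not code from the LSMSB repository, here is a small Python interpreter for the filter program above, so the allow/deny decision can be traced outside the kernel. It assumes semantics the README does not spell out: registers are named r0..r15 and hold an integer or a bytestring, r0 carries the path being opened when a dentry-open filter is entered, `jc` jumps when its register is non-zero, and a returned 1 allows the open while 0 denies it.

```python
"""
Toy interpreter for the LSMSB filter language shown in the README.
Added example, not LSMSB's own assembler or kernel code.

Assumed semantics (not stated on the page):
  - registers r0..r15, each holding an int or a bytestring
  - on entry to a dentry-open filter, r0 holds the path being opened
  - `jc rN,#label` jumps when rN is non-zero
  - `ret rN` returns rN; 1 means allow, 0 means deny
"""
import re

# The filter program from the README, embedded here so the script runs offline.
FILTER_TEXT = """
filter dentry-open {
  constants {
    var etc-prefix bytestring = "/etc/";
  }
  ldc r2,etc-prefix;
  isprefixof r2,r2,r0;
  jc r2,#fail;
  ldi r0,1;
  ret r0;
  #fail:
  ldi r0,0;
  ret r0;
}
"""


def parse_filter(text):
    """Return (hook name, constants, instruction list, label -> index map)."""
    m = re.search(r"filter\s+([\w-]+)\s*\{(.*)\}\s*$", text, re.S)
    if not m:
        raise ValueError("not a filter block")
    hook, body = m.group(1), m.group(2)

    # Pull out the constants block; only bytestring constants appear on the page.
    constants = {}
    cm = re.search(r"constants\s*\{(.*?)\}", body, re.S)
    if cm:
        pattern = r'var\s+([\w-]+)\s+bytestring\s*=\s*"([^"]*)"\s*;'
        for name, value in re.findall(pattern, cm.group(1)):
            constants[name] = value.encode()
        body = body[:cm.start()] + body[cm.end():]

    instructions, labels = [], {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#") and line.endswith(":"):
            labels[line[:-1]] = len(instructions)   # label points at next instruction
            continue
        op, _, args = line.rstrip(";").partition(" ")
        instructions.append((op, [a.strip() for a in args.split(",")] if args else []))
    return hook, constants, instructions, labels


def run_filter(parsed, path, max_steps=1000):
    """Execute the filter for one path; returns the integer the program returns."""
    _, constants, instructions, labels = parsed
    regs = {f"r{i}": 0 for i in range(16)}          # assumed register file
    regs["r0"] = path.encode() if isinstance(path, str) else path
    pc = 0
    for _ in range(max_steps):                      # step bound: no unbounded loops
        if pc >= len(instructions):
            raise RuntimeError("fell off the end of the filter")
        op, args = instructions[pc]
        pc += 1
        if op == "ldc":                              # load constant
            regs[args[0]] = constants[args[1]]
        elif op == "ldi":                            # load immediate integer
            regs[args[0]] = int(args[1])
        elif op == "isprefixof":                     # rD = 1 if rA is a prefix of rB
            prefix, subject = regs[args[1]], regs[args[2]]
            regs[args[0]] = 1 if subject.startswith(prefix) else 0
        elif op == "jc":                             # jump if register non-zero
            if regs[args[0]]:
                pc = labels[args[1]]
        elif op == "ret":
            return regs[args[0]]
        else:
            raise ValueError(f"unknown instruction {op}")
    raise RuntimeError("filter did not terminate within step bound")


def decide(path):
    """Convenience wrapper: 'allow' or 'deny' for a path under the README's filter."""
    return "allow" if run_filter(parse_filter(FILTER_TEXT), path) == 1 else "deny"


if __name__ == "__main__":
    for p in ["/etc/passwd", "/home/user/input", "/etc"]:
        print(p, "->", decide(p))
```

Two points the trace makes visible: the constant is `"/etc/"` with a trailing slash, so `/etc` itself is not matched by `isprefixof`, and a byte-prefix test only means what the kernel hook puts into r0. A real `dentry-open` hook sees a resolved dentry rather than the user-supplied string, so the interpreter above does no path normalization and should not be read as a statement about how the kernel side canonicalizes paths.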
*** This code functions, but is incomplete ***
It's written in a literate programming style, but the derived sources are
included so that you don't have to bother with that in order to build. You'll
need a recent (> 2.6.30-rc1) kernel in order to apply the included patch. Once
you've applied the patch, drop lsmsb.c into security/lsmsb and rebuild.
You can assemble a sandbox file with:

  ./lsmsb-as sandbox-input.sb > sandbox

And then run a shell in the sandbox with:

  ./lsmsb-install sandbox
To read the code, see http://www.imperialviolet.org/binary/lsmsb.html