Extend the sandbox to work for legacy programs #13

Open
GoogleCodeExporter opened this issue Feb 15, 2016 · 0 comments

Currently the seccomp sandbox works as a library.  After starting up, a process 
can enable the sandbox.  This means the sandbox is limited to trusted programs 
that wish to run parts of themselves untrusted.

It would be good if the seccomp sandbox could be applied to existing programs.  
To run an existing executable, we would have to enable sandboxing before the 
executable's code is run.  Furthermore, we don't want to have to modify glibc's 
dynamic linker (ld.so), or trust it.  So we would need to enable sandboxing 
before the dynamic linker gets control too.

We would need to support whatever syscalls ld.so does on startup.  One case of 
this is ld.so's TLS initialisation.  On i386, this uses set_thread_area().  On 
x86-64, it uses arch_prctl()+ARCH_SET_FS.

There is a design sketch for this at http://plash.beasts.org/wiki/SeccompSandbox

Original issue reported on code.google.com by mseaborn@chromium.org on 11 Nov 2010 at 4:05
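
An added illustration, not code from this issue or from the seccomp sandbox project: a sketch of the argument check a trusted supervisor could apply to the two TLS-setup syscalls named above before the dynamic linker's requests are honoured. The function name, the `tls_desc_copy` struct and the policy itself (only `ARCH_SET_FS` with a user-space address on x86-64, only a "pick a free slot" request on i386) are assumptions; the sample values in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constants copied from the Linux UAPI so the sketch builds on any host. */
#define NR_ARCH_PRCTL_X86_64    158   /* __NR_arch_prctl on x86-64 */
#define NR_SET_THREAD_AREA_I386 243   /* __NR_set_thread_area on i386 */
#define ARCH_SET_GS 0x1001
#define ARCH_SET_FS 0x1002
#define USER_ADDR_LIMIT_X86_64 0x0000800000000000ULL /* end of lower canonical half */

enum target_arch { TARGET_I386, TARGET_X86_64 };

/* Hypothetical: supervisor's private copy of the i386 user_desc fields. */
struct tls_desc_copy {
    uint32_t entry_number;  /* 0xffffffff asks the kernel for a free TLS slot */
    uint32_t base_addr;     /* not restricted by this sketch */
};

/* Hypothetical policy: true only for the TLS-setup form of each call.
 * nr, arg0 and arg1 are the intercepted syscall number and arguments.
 * desc is the supervisor's copy of the set_thread_area argument, so the
 * untrusted side cannot change it between the check and the call. */
bool tls_setup_allowed(enum target_arch arch, long nr, uint64_t arg0,
                       uint64_t arg1, const struct tls_desc_copy *desc)
{
    if (arch == TARGET_X86_64 && nr == NR_ARCH_PRCTL_X86_64) {
        /* TLS needs only FS; ARCH_SET_GS and every other code is refused. */
        return arg0 == ARCH_SET_FS && arg1 < USER_ADDR_LIMIT_X86_64;
    }
    if (arch == TARGET_I386 && nr == NR_SET_THREAD_AREA_I386) {
        /* Accept a request for a fresh slot, never an explicit index. */
        return desc != NULL && desc->entry_number == 0xffffffffu;
    }
    return false;  /* not a TLS-setup call; the rest of the policy decides */
}

int main(void)
{
    struct tls_desc_copy d = { 0xffffffffu, 0x08100000u };  /* constructed */
    printf("x86-64 ARCH_SET_FS:   %d\n", tls_setup_allowed(
        TARGET_X86_64, NR_ARCH_PRCTL_X86_64, ARCH_SET_FS, 0x7f0000001000ULL, NULL));
    printf("x86-64 ARCH_SET_GS:   %d\n", tls_setup_allowed(
        TARGET_X86_64, NR_ARCH_PRCTL_X86_64, ARCH_SET_GS, 0x7f0000001000ULL, NULL));
    printf("i386 set_thread_area: %d\n", tls_setup_allowed(
        TARGET_I386, NR_SET_THREAD_AREA_I386, 0, 0, &d));
    return 0;
}
```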
