A ptrace based sandbox implementation. #Sandbox implementation #Catbox and strace #Intercept system calls #Implementation #Sandbox #Catbox
Sydbox is a ptrace based sandbox implementation which is based in part upon catbox and strace.
Being ptrace based, it doesn't suffer the well known security issues that LD_PRELOAD based sandbox implementations suffer from.
Sydbox tries hard to avoid symlink and other kind of races to be on the secure side. It has basic support to disallow network connections.
Currently it only supports x86 and x86_64 architectures but adding support for new architectures should be trivial.
Currently it intercepts 15 system calls. The other essential system calls that has to be intercepted are the at suffixed functions (openat, mkdirat, mknodat etc.) and i'll add them soon. Look at the system call dispatch table in src/syscall.c⁴ for more information.
Configuration is handled using confuse, it's pretty straightforward and easy to understand. Look at the example configuration file⁶ for more information.
Usage and transition will be simple in my humble opinion. Repositories will have a default sydbox.conf file in metadata/.
There will be per-category and per-package based sydbox.conf files which will replace addpredict and addwrite calls.
These files should include() the repository default configuration file which can be done easily if the package manager sets an environment variable that points to the root of the repository. Confuse can handle environment variables.
The package manager is supposed to call the exheres using sydbox like: sydbox -p PHASE -- command-to-execute-phase.
Sydbox 0.7.6
add to watchlist add to download basket send us an update REPORT- runs on:
- Linux
- main category:
- Security
- developer:
- visit homepage
paint.net 5.0.13 (5.13.8830.42291)
IrfanView 4.67
calibre 7.9.0
7-Zip 23.01 / 24.04 Beta
Microsoft Teams 24060.3102.2733.5911 Home / 1.7.00.7956 Work
Windows Sandbox Launcher 1.0.0
Bitdefender Antivirus Free 27.0.35.146
Zoom Client 6.0.0.37205
4k Video Downloader 1.5.3.0080 Plus / 4.30.0.5655
ShareX 16.0.1
- Zoom Client
- 4k Video Downloader
- ShareX
- paint.net
- IrfanView
- calibre
- 7-Zip
- Microsoft Teams
- Windows Sandbox Launcher
- Bitdefender Antivirus Free