Hello list,

I want to share an article I wrote on Linux Sandboxing:
https://git.sr.ht/~alip/syd/tree/main/item/doc/toctou-or-gtfo.md

There's nothing new in there except something I discovered on Landlock which may be a bug or a feature.
TL;DR Landlock allows you to chdir into a directory that's not allowlisted. That's it though, you can not list/read anything in there so I'd not say this is anything more than a potential info leak (as in you discovered the dir existed). That said, I am not quite sure.

Very small PoC for those who do not want to read the article:
(-plib turns all seccomp sandboxing off so we apply a very simple landlock sandbox only allowing /usr, busybox is statically linked)

⇒ syd -plib -msandbox/lock:on -m allow/lock/read+/lib -m allow/lock/read+/usr busybox sh
~/src/syd/syd-3 $ cd /tmp
/tmp $ busybox ls
ls: can't open '.': Permission denied
/tmp $

I could enter /tmp although that's not allowlisted by Landlock.

Best regards,
Ali Polatel

PS: Initially I've sent this e-mail using the wrong e-mail address (was not subscribed to the list), so this is a resend. I apologize if you end up receiving it twice.
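
The behaviour shown in the PoC can be checked without syd by calling the Landlock syscalls directly. The following is an added example, not part of the original e-mail or of syd: it allowlists read access beneath /usr only, then tries chdir("/tmp") and opendir(".") in a throwaway child process. Assumptions: the Landlock ABI v1 constants and syscall numbers 444 to 446 are restated inline, /tmp exists, and the names `child` and `landlock_chdir_probe` are hypothetical.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Landlock ABI v1 UAPI, restated (assumption) so no <linux/landlock.h> is needed. */
struct ruleset_attr { uint64_t handled_access_fs; };
struct path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
#define ACCESS_FS_READ_FILE (1ULL << 2)
#define ACCESS_FS_READ_DIR  (1ULL << 3)
#define RULE_PATH_BENEATH   1

/* Child exit code: bit 0 = chdir("/tmp") succeeded, bit 1 = opendir(".")
 * succeeded afterwards; 100 = the Landlock sandbox could not be set up. */
static int child(void)
{
    struct ruleset_attr ra = { ACCESS_FS_READ_FILE | ACCESS_FS_READ_DIR };
    int rs = syscall(444 /* landlock_create_ruleset */, &ra, sizeof(ra), 0);
    if (rs < 0) return 100;
    struct path_beneath_attr pb = { ra.handled_access_fs, open("/usr", O_PATH | O_CLOEXEC) };
    if (pb.parent_fd < 0 || syscall(445 /* landlock_add_rule */, rs, RULE_PATH_BENEATH, &pb, 0))
        return 100;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || syscall(446 /* landlock_restrict_self */, rs, 0))
        return 100;
    int r = 0;
    if (chdir("/tmp") == 0) r |= 1;      /* directory outside the allowlist */
    DIR *d = opendir(".");               /* needs READ_DIR on /tmp */
    if (d) { r |= 2; closedir(d); }
    return r;
}

/* Returns the child's bitmask, or -1 if Landlock is unavailable or fork failed. */
int landlock_chdir_probe(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(child());        /* the restriction is irreversible, so isolate it */
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 100 ? -1 : WEXITSTATUS(st);
}

int main(void) { printf("probe=%d\n", landlock_chdir_probe()); return 0; }
```

A result of 1 matches the shell session above: the chdir is accepted and the directory listing is denied.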
