On Mon, 25 Oct 2010 20:13:16 -0500, David Young <[email protected]> wrote:
> I've been wondering if the dynamic linker could simulate access to
> the global namespace by supplying alternate system-call stubs. Say
> rtld-elf-cap supplies its own open(2) stub, for example, that searches
> Capsicum's fdlist for a suitable file descriptor on which to call
> openat(2):
>
> int
> open(const char *path, int flags, mode_t mode)
> {
>         const char *name;
>         int fd;
>
>         for (name, fd in fdlist) {
>                 if (path is-under-directory name)
>                         return openat(fd, path, flags, mode);
>         }
>         errno = ENOENT;
>         return -1;
> }
That would only work with dynamic executables. Sandboxing static
executables that way will not work. Anyway, that's a possibility.

I know someone that is working on something in this area, but it uses
SECCOMP from Linux, and a syscall interception method (intent is to
avoid patching code in the binary) [1]

[1] http://justanothergeek.chdir.org/2010/03/seccomp-as-sandboxing-solution.html

--
Jean-Yves Migeon
[email protected]
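The open(2) stub sketched in the quoted mail, written out as an added example that is neither David Young's nor rtld-elf-cap's code: the fdlist table, the component-wise prefix test and the cap_open name are assumptions, and the path is rewritten relative to the matching directory before openat(2) is called.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
/* Constructed stand-in for Capsicum's fdlist: directories the parent
 * opened before entering capability mode (fds are -1 placeholders). */
static const struct { const char *name; int fd; } fdlist[] = {
	{ "/etc", -1 }, { "/usr/share", -1 }, { "/usr/share/zoneinfo", -1 },
};
/* strlen(dir) if path is dir or lies beneath it, component-wise, else 0:
 * "/etc" covers "/etc/passwd" and "/etc" but not "/etcetera". */
static size_t under_directory(const char *path, const char *dir)
{
	size_t n = strlen(dir);
	return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0') ? n : 0;
}
/* Longest-matching entry for an absolute path; the remainder, relative to
 * that directory, is left in *rel. Returns the index or -1 (a relative
 * path never matches: the sandbox has no cwd to resolve it against). */
int cap_resolve(const char *path, const char **rel)
{
	int best = -1;
	size_t i, n, bestlen = 0;
	for (i = 0; i < sizeof(fdlist) / sizeof(fdlist[0]); i++)
		if ((n = under_directory(path, fdlist[i].name)) > bestlen)
			best = (int)i, bestlen = n;
	if (best < 0)
		return -1;
	for (*rel = path + bestlen; **rel == '/'; (*rel)++)
		;
	if (**rel == '\0')
		*rel = ".";	/* the directory itself */
	return best;
}
/* The open(2) stub from the quoted mail, named cap_open to keep clear of
 * libc. ".." is not normalized here: in capability mode the kernel refuses
 * lookups that would escape the directory descriptor. */
int cap_open(const char *path, int flags, mode_t mode)
{
	const char *rel;
	int idx = cap_resolve(path, &rel);
	if (idx < 0 || fdlist[idx].fd < 0) {
		errno = ENOENT;
		return -1;
	}
	return openat(fdlist[idx].fd, rel, flags, mode);
}
/* Check helper: does path map to entry idx with relative part want? */
int resolves_to(const char *path, int idx, const char *want)
{
	const char *rel;
	return cap_resolve(path, &rel) == idx && (idx < 0 || strcmp(rel, want) == 0);
}
```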
