On Tue, Oct 26, 2010 at 01:04:30PM +0200, Jean-Yves Migeon wrote:
> On Mon, 25 Oct 2010 20:13:16 -0500, David Young <[email protected]> wrote:
> > I've been wondering if the dynamic linker could simulate access to
> > the global namespace by supplying alternate system-call stubs. Say
> > rtld-elf-cap supplies its own open(2) stub, for example, that searches
> > Capsicum's fdlist for a suitable file descriptor on which to call
> > openat(2):
> >
> > int
> > open(const char *path, int flags, mode_t mode)
> > {
> > 	const char *name;
> > 	int fd;
> >
> > 	for (name, fd in fdlist) {
> > 		if (path is-under-directory name)
> > 			return openat(fd, path, flags, mode);
> > 	}
> > 	errno = ENOENT;
> > 	return -1;
> > }
>
> That would only work with dynamic executables. Sandboxing static
> executables that way will not work.

Good point. Perhaps the C-language syscall stub for open(2) in libc.a (is
it a figment of my imagination?) can do the dance I describe above if the
syscall returns ENOTCAPABLE?

> Anyway, that's a possibility. I know someone that is working on something
> in this area, but it uses SECCOMP from Linux, and a syscall interception
> method (intent is to avoid patching code in the binary) [1]

I'll have a look at that, thanks.

Dave

-- 
David Young             OJC Technologies
[email protected]      Urbana, IL * (217) 278-3933
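As an added example, not from the thread or from Capsicum's own code: a C sketch of the open(2) stub discussed above, with a constructed fd list (the `struct capdir` table, `capdir_match` and `cap_open` are names chosen here). One caveat the pseudocode glosses over: openat(2) ignores the directory descriptor when the path is absolute (and capability mode rejects absolute paths outright), so the stub has to hand openat(2) only the part of the path below the matched directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>

/* Constructed example: one entry per directory descriptor the sandbox was
 * handed before entering capability mode; names are absolute, no trailing '/'. */
struct capdir { const char *name; int fd; };

/* Index of the longest entry whose directory contains `path`, or -1.  On
 * success *rel is the openat(2)-ready path relative to that directory. */
int capdir_match(const struct capdir *list, size_t n, const char *path,
    const char **rel)
{
	int best = -1;
	size_t bestlen = 0;

	if (path == NULL || path[0] != '/')
		return -1;	/* relative paths belong to the cwd descriptor */
	for (size_t i = 0; i < n; i++) {
		size_t len = strlen(list[i].name);

		if (strncmp(path, list[i].name, len) != 0)
			continue;
		if (path[len] != '\0' && path[len] != '/')
			continue;	/* "/etcetera" is not under "/etc" */
		if (best == -1 || len > bestlen) {
			best = (int)i;
			bestlen = len;
		}
	}
	if (best == -1)
		return -1;
	path += bestlen;
	while (*path == '/')	/* "/etc//passwd" -> "passwd" */
		path++;
	*rel = *path == '\0' ? "." : path;	/* the directory itself -> "." */
	return best;
}

/* The open(2) stub itself: ENOENT when no descriptor covers the path. */
int cap_open(const struct capdir *list, size_t n, const char *path, int flags,
    mode_t mode)
{
	const char *rel;
	int i = capdir_match(list, n, path, &rel);

	if (i < 0) {
		errno = ENOENT;
		return -1;
	}
	return openat(list[i].fd, rel, flags, mode);
}
```

With two entries for nested directories ("/etc" and "/etc/ssl"), the longest match wins, so a file under the narrower directory is opened through the narrower descriptor.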
