Theo de Raadt writes:
> [email protected] wrote:
>
>> If there isn't - what about changing the kernel so unveiled paths persist
>> between execs? That would allow very easy container-like sandboxing.
>
> This last sentence bothers me a lot, I am extremely jaded having heard the
> same ideas over and over and over.
>
> "very easy" is not thought through to the end.
>
> unveil and pledge are not container-like sandboxes.
>
> I wish people would stop trying to assume highly-detailed technologies for
> one problem domain can automatically satisfy some other problem domain.

Never a good sign when people can write a 28-page paper on the definition of the word "sandbox" or lack thereof:

https://www.researchgate.net/publication/292186843_A_systematic_analysis_of_the_science_of_sandboxing

> unveil and pledge exist for a process to *PROTECT AGAINST ITS OWN
> MISBEHAVIOUR*.
>
> If you use "exec", you have intentionally and visibly opened an escape
> hatch to run other programs, which are EXPECTED to self-protect against
> their own misbehaviour.
>
> Sandboxes are for little children with tonka trucks.

Given that, I think this is the most pertinent research. It's about summertime in the northern hemisphere, so some of you might find this helpful. While published in 2008, it's still applicable today!

https://www.wormsandgermsblog.com/files/2008/04/M3-Sandbox2.pdf

-dv
