GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → unrelentingtech → rusty-sandbox

unrelentingtech / rusty-sandbox

Licence: Unlicense license
A sandboxing library for Rust

Programming Languages

rust
11053 projects

Labels

securityunixcapsicumsandboxingpledgeseatbelt

Projects that are alternatives of or similar to rusty-sandbox

scuba
Kubernetes Container Runtime Interface daemon for running CloudABI jobs
Stars: ✭ 18 (-69.49%)
Mutual labels:  capsicum, sandboxing
connect-or-cut
Simple network sandbox for Unix and Windows
Stars: ✭ 19 (-67.8%)
Mutual labels:  unix, sandboxing
mg
OpenBSD Mg editor. Portable Public Domain Micro Emacs for *BSD, Cygwin, Linux, Mac OS X.
Stars: ✭ 99 (+67.8%)
Mutual labels:  unix
Coherent
Coherent OS
Stars: ✭ 20 (-66.1%)
Mutual labels:  unix
torgo
A UNIX-like Non-GNU command line toolkit
Stars: ✭ 44 (-25.42%)
Mutual labels:  unix
FreeBSD-Ask
FreeBSD 教程——FreeBSD 从入门到跑路。
Stars: ✭ 113 (+91.53%)
Mutual labels:  unix
daemonize-me
Rust library to ease the task of creating daemons
Stars: ✭ 34 (-42.37%)
Mutual labels:  unix
polybar-bluetooth
A fully functional bluetooth module for polybar
Stars: ✭ 59 (+0%)
Mutual labels:  unix
RCE-python-oneliner-payload
Python bind shell single line code for both Unix and Windows, used to find and exploit RCE (ImageMagick, Ghostscript, ...)
Stars: ✭ 23 (-61.02%)
Mutual labels:  unix
timebox
A timer script for Windows/Linux/Unix/macOS to practice timeboxing (the time management technique)
Stars: ✭ 42 (-28.81%)
Mutual labels:  unix
measurement-kit
[DEPRECATED] Network measurement engine
Stars: ✭ 97 (+64.41%)
Mutual labels:  unix
Example
Metarhia application example for Node.js
Stars: ✭ 147 (+149.15%)
Mutual labels:  sandboxing
tetris
Micro Tetris™, based on the 1989 IOCCC Obfuscated Tetris by John Tromp
Stars: ✭ 98 (+66.1%)
Mutual labels:  unix
git-bc
Git plugin to interactively list branches and checkout
Stars: ✭ 59 (+0%)
Mutual labels:  unix
mican
🍊 A simple Unix shell written in Rust
Stars: ✭ 48 (-18.64%)
Mutual labels:  unix
ATAC-seq
Basic workflow for ATAC-seq analysis
Stars: ✭ 30 (-49.15%)
Mutual labels:  unix
sun
Simple library and application that shows sunset and sunrise based on your latitude,longitude
Stars: ✭ 23 (-61.02%)
Mutual labels:  unix
book-note
📖 book note,读书笔记
Stars: ✭ 21 (-64.41%)
Mutual labels:  unix
probes-rs
Rust library to read out system stats from a machine running Unix
Stars: ✭ 14 (-76.27%)
Mutual labels:  unix
Dot-It-Up
A collection of dotfile scripts, plugins, and clever hacks so that you can become the master of your own OS! 🚀
Stars: ✭ 254 (+330.51%)
Mutual labels:  unix
View All Similar Projects ➔

rusty-sandbox unlicense

rusty-sandbox is, obviously, a sandboxing library for Rust that's not gaol.

It's based on a simple model where you can do the following in the sandbox:

  • any normal computation (not I/O)
  • I/O operations on existing file descriptors (i.e. files and sockets opened before entering the sandbox)
  • accepting connections on an existing socket (which creates new file descriptors)
  • opening files under pre-selected directories though the Sandbox/SandboxContext API (which creates new file descriptors)

All other ways of creating new file descriptors will fail in the sandbox! As well as other potentially dangerous interactions with the outside world such as sysctls, process signals (kill), etc. (platform dependent).

Underlying technology

rusty-sandbox strongly prefers simple sandboxing facilities that don't require any persistent and/or user-visible records (such as chroot directories and bind mounts like gaol does on Linux).

  • FreeBSD: Capsicum, the best-supported sandbox that really inspired the design of this library.
  • OpenBSD: pledge, still without the path whitelist thing unfortunately (opening files under select directories DOES NOT WORK), waiting for 6.4 for that
  • Apple OS X: Seatbelt/sandboxd, which Apple kinda wants to deprecate, in favor of App Store-only stuff I think?
  • Linux: TODO oh fuck. This is going to involve seccomp-bpf. Unfortunately, the openat O_BENEATH behavior proposed on capsicum-linux hasn't been accepted into the Linux kernel!

Usage

You can sandbox the current process:

extern crate rusty_sandbox;
use std::fs;
use std::io::Read;
use rusty_sandbox::Sandbox;

fn main() {
    let mut file = fs::File::open("README.md").unwrap();
    Sandbox::new().sandbox_this_process().expect("Couldn't enter sandbox");
    let mut buf = Vec::new();
    file.read_to_end(&mut buf).unwrap();
    println!("Read file: {}", String::from_utf8_lossy(&buf));
    fs::File::open("README.md").expect("But can't open!");
    // on FreeBSD:
    // thread '<main>' panicked at 'But can't open!: Error { repr: Os { code: 94, message: "Not permitted in capability mode" } }', src/libcore/result.rs:760
}

And here's an example for the forked process & allowed directory support. This silly sandboxed process reads files' first lines:

extern crate rusty_sandbox;
use std::io::{Write, BufRead, BufReader};
use rusty_sandbox::Sandbox;

fn main() {
    let mut process = Sandbox::new()
        .add_directory("repo", ".")
        .sandboxed_fork(|ctx, socket| {
            // This closure runs in a forked sandboxed process!
            let reader = BufReader::new(socket.try_clone().unwrap());
            for line in reader.lines() {
                let line = line.unwrap();
                if line == "" {
                    return;
                }
                // yes, this is an OpenOptions API!
                let file = ctx.directory("repo").unwrap()
                    .open_options().open(line).unwrap();
                socket.write_all(
                    BufReader::new(file).lines().next().unwrap().unwrap().as_bytes()
                ).unwrap();
                socket.write_all(b"\n").unwrap();
            }
        }).expect("Could not start the sandboxed process");
    process.socket.write_all(b"README.md\n").unwrap();
    let reader = BufReader::new(process.socket.try_clone().unwrap());
    println!("Line from the sandboxed process: {}", reader.lines().next().unwrap().unwrap());
    process.socket.write_all(b"\n").unwrap(); // The "stop" message
    process.wait().expect("Sandboxed process finished unsuccessfully");
}

(For a real service, use something like urpc!)

Of course, you can use the directories feature when sandboxing the current process too:

extern crate rusty_sandbox;
use std::io::Read;
use rusty_sandbox::Sandbox;

fn main() {
    let ctx = Sandbox::new()
        .add_directory("repo", ".")
        .sandbox_this_process()
        .unwrap();
    let mut file = ctx.directory("repo").unwrap()
        .open_options().open("README.md").unwrap();
    let mut buf = Vec::new();
    file.read_to_end(&mut buf).unwrap();
    println!("Read file: {}", String::from_utf8_lossy(&buf));
}

Fun fact: an early prototype of this library used a shared memory arena for communicating between processes, like the sandbox for the config parser in sandblast. Turns out it's not practical in any language that's higher level than C, because you can't just tell the language's standard library to allocate on an arena.

Contributing

Please feel free to submit pull requests!

By participating in this project you agree to follow the Contributor Code of Conduct.

The list of contributors is available on GitHub.

License

This is free and unencumbered software released into the public domain.
For more information, please refer to the UNLICENSE file or unlicense.org.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].