`ptrace` seems to be the most obvious tool but aside from that…

util-linux[-ng] has a command `unshare` (http://karelzak.blogspot.com/2009/12/unshare1.html), which uses the kernel's `clone` (http://www.kernel.org/doc/man-pages/online/pages/man2/clone.2.html) / `unshare` (http://www.kernel.org/doc/man-pages/online/pages/man2/unshare.2.html) interfaces. If you run the new process through `unshare -n` (or `clone(CLONE_NEWNET)`), any network sockets it creates are in a different namespace. That doesn't solve the kernel resource issue but it does sandbox the process.

The Linux kernel also supports seccomp (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=kernel/seccomp.c;hb=HEAD), a mode entered with `prctl(PR_SET_SECCOMP, 1)` which prevents the process (well, thread, really) from calling any syscalls other than `read`, `write`, `exit`, and `sigreturn`. It's a pretty effective sandbox but difficult to use with unmodified code.

You can define a SELinux domain which disallows `socket`/`bind`/etc. calls, and perform a dynamic transition into that type. This (obviously) requires a system with an actively enforcing SELinux policy. (Possibly similar things are possible with AppArmor and TOMOYO, but I'm not very familiar with any of them.)
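Added example, not part of the answer above: a C program that exercises the two kernel mechanisms the answer names, a fresh network namespace via `unshare(CLONE_NEWNET)` and seccomp strict mode via `prctl(PR_SET_SECCOMP, 1)`, each in a forked child so the parent can observe what happened to the confined code. It assumes a Linux host; the probe target 127.0.0.1:9, the fallback to `CLONE_NEWUSER|CLONE_NEWNET` for unprivileged users, and the result names are my own choices. Both demos report "unavailable" rather than failing when the kernel refuses to set the sandbox up: plain `CLONE_NEWNET` needs `CAP_SYS_ADMIN` (or permission to create user namespaces), and strict mode cannot be entered from inside an existing seccomp filter such as a container runtime's default profile.

```c
/* Added example (not from the original answer): a fresh net namespace and
 * seccomp strict mode, each run in a forked child, reporting whether the
 * forbidden network action was actually stopped. Linux only. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks in case <sched.h>/<sys/prctl.h> were pulled in without _GNU_SOURCE;
 * the values are the kernel's UAPI constants. */
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef PR_SET_SECCOMP
#define PR_SET_SECCOMP 22
#endif
#define SECCOMP_MODE_STRICT 1 /* the "1" in prctl(PR_SET_SECCOMP, 1) */

/* Outcome codes returned by both demo functions (also used as child exit codes). */
enum sandbox_result {
    SANDBOX_CONFINED = 0,   /* the forbidden action failed or the thread was killed */
    SANDBOX_ESCAPED = 1,    /* the forbidden action succeeded: sandbox did not hold */
    SANDBOX_UNAVAILABLE = 2 /* kernel/config refused to set the sandbox up */
};

/* TCP connect to 127.0.0.1:9 (assumed closed). Returns 0 on success, else errno. */
static int probe_loopback(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(9) };
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int err = connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0 ? 0 : errno;
    close(fd);
    return err;
}

/* Run probe_loopback() inside a brand-new network namespace. A fresh netns
 * contains only a down loopback interface with no address and no routes, so
 * socket() still works but connect() cannot reach any stack (ENETUNREACH).
 * Reaching a TCP stack at all (success or ECONNREFUSED) means we escaped. */
enum sandbox_result demo_new_netns(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return SANDBOX_UNAVAILABLE;
    if (pid == 0) {
        /* Plain CLONE_NEWNET needs CAP_SYS_ADMIN; unprivileged users may be
         * allowed to get there via a new user namespace (assumed fallback). */
        if (syscall(SYS_unshare, CLONE_NEWNET) != 0 &&
            syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNET) != 0)
            _exit(SANDBOX_UNAVAILABLE);
        int err = probe_loopback();
        _exit(err != 0 && err != ECONNREFUSED ? SANDBOX_CONFINED : SANDBOX_ESCAPED);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return SANDBOX_UNAVAILABLE;
    return (enum sandbox_result)WEXITSTATUS(status);
}

/* Enter seccomp strict mode, then attempt socket(). Strict mode permits only
 * read, write, exit and sigreturn; any other syscall kills the thread with
 * SIGKILL, so a child that returns from socket() has escaped. */
enum sandbox_result demo_seccomp_strict(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return SANDBOX_UNAVAILABLE;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(SANDBOX_UNAVAILABLE); /* e.g. EACCES when a filter is already active */
        /* Only read/write/exit/sigreturn from here on. _exit() uses exit_group,
         * which is NOT on that list, so report back with the raw exit syscall. */
        (void)socket(AF_INET, SOCK_STREAM, 0); /* expected: SIGKILL, never returns */
        syscall(SYS_exit, SANDBOX_ESCAPED);    /* reached only if socket() was allowed */
        _exit(SANDBOX_ESCAPED);                /* unreachable safety net */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return SANDBOX_UNAVAILABLE;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return SANDBOX_CONFINED;
    if (WIFEXITED(status))
        return (enum sandbox_result)WEXITSTATUS(status);
    return SANDBOX_ESCAPED;
}

int main(void)
{
    static const char *names[] = { "confined", "ESCAPED", "unavailable" };
    printf("new netns:      %s\n", names[demo_new_netns()]);
    printf("seccomp strict: %s\n", names[demo_seccomp_strict()]);
    return 0;
}
```

Run it once as an ordinary user and once as root (or with user namespaces enabled) to see the netns demo switch from "unavailable" to "confined"; the seccomp demo needs no privilege but will report "unavailable" inside containers that already install a seccomp filter, since strict mode cannot replace a filter that is in place. The SELinux approach from the answer is not shown, as it depends on a policy that the page does not supply.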