from Hacker News

Show HN: Sandy – A tiny Sandbox to run untrusted code

by craig on 1/12/20, 12:30 PM with 13 comments

  • by q3k on 1/13/20, 12:44 PM

    Any blacklist-based syscall filtering solution that aims to run untrusted code is bound to be doomed, as the surface of all possible syscalls and ways they can be exploited to bypass some policy is enormous.

    Poignantly, the naive approach of 'let's just block read(2) to prevent file access' doesn't work - there are multiple ways to bypass simple read(2) filtering like this. The easiest that come to mind are:

      - using readv(2)
      - using sendfile(2)
      - sym/hardlinks to bypass path checks, and the inherent TOCTOU exploits of further naive checks
    
    The same applies to any other policy you wish to implement, and for every one of those you need to consider the collection of all Linux syscalls and filter all of the relevant ones. There are around 300 syscalls in Linux as of writing.

    Not to mention typical newbie mistakes that this project makes: not following forks, not checking for 32-bit syscalls, etc.

    gVisor [1] does this well - instead of filtering, it reimplements the logic for handling Linux syscalls in userspace (e.g., is actually responsible for handing out FDs and other handles, presenting the filesystem to the user, etc).

    [1] - https://github.com/google/gvisor

  • by roryrjb on 1/13/20, 7:59 AM

    I don't think this really is what people might call a sandbox but it can optionally block or allow syscalls happening (in my mind only one aspect of a sandbox) and it looks like it's interactive. I think this is great. OpenBSD has had great success with pledge and I have been experimenting with seccomp (via the libseccomp project) with both Node.js bindings and a CLI in C for doing a very similar thing as Sandy (although not interactively, which is a nice touch).

  • by minitech on 1/13/20, 8:55 AM

    I’m not really familiar with ptrace, but does this

      if regs.Orig_rax == 0 {
    
    mean it only intercepts the read syscall? Seems like any security someone was hoping to provide with this could be bypassed entirely by accident (e.g. a script in a language that always uses readv).

    Anyway if that is what it means you should probably not describe this as “to run untrusted code”.
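
Added example, not part of the thread and not Sandy's code: a Go model of the point made in the two comments above, comparing a "block syscall 0" check with a default-deny allowlist keyed on ABI and syscall number. The names Call, DenyRead, AllowList and Escapes and the allowlist contents are hypothetical; the numbers are from the x86-64 and i386 syscall tables, and the sample calls are constructed.

```go
package main

import "fmt"

// seccomp_data.arch values from <linux/audit.h>.
const AuditArchX86_64, AuditArchI386 uint32 = 0xC000003E, 0x40000003

// Call is what a filter sees: an ABI and a syscall number within that ABI.
type Call struct {
	Arch      uint32
	Nr        uint64
	Name      string // label for this model only
	ReadsData bool   // true if the call can read file contents
}

// DenyRead models the quoted check: block syscall number 0, ignore the ABI.
func DenyRead(c Call) bool { return c.Nr != 0 }

// allowed is a hypothetical default-deny allowlist keyed by ABI, then number.
var allowed = map[uint32]map[uint64]bool{
	AuditArchX86_64: {1: true, 60: true, 231: true}, // write, exit, exit_group
}

// AllowList permits a call only when both its ABI and its number are listed.
func AllowList(c Call) bool { return allowed[c.Arch][c.Nr] }

// Sample is constructed input: the calls named in the thread plus a benign one.
var Sample = []Call{
	{AuditArchX86_64, 0, "read", true},
	{AuditArchX86_64, 19, "readv", true},
	{AuditArchX86_64, 40, "sendfile", true},
	{AuditArchI386, 3, "read (32-bit ABI)", true},
	{AuditArchX86_64, 1, "write", false},
}

// Escapes lists the data-reading sample calls that a policy lets through.
func Escapes(permit func(Call) bool) []string {
	var out []string
	for _, c := range Sample {
		if c.ReadsData && permit(c) {
			out = append(out, c.Name)
		}
	}
	return out
}

func main() {
	fmt.Println(Escapes(DenyRead), Escapes(AllowList))
}
```

The deny-list lets three of the four data-reading calls through, while the allowlist passes none of them because anything not explicitly listed for a known ABI is refused.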

  • by cixter on 1/13/20, 12:53 PM

    The coolest thing about this read is the idea of a free-beer.bounty lowkey CTF file in my home dir.

  • by riyakhanna1983 on 1/13/20, 2:25 PM

    SandFS does not rely on PTRACE, but uses eBPF. No TOCTTOU races. https://lwn.net/Articles/803890/

  • by emmelaich on 1/13/20, 11:01 PM