PoC for a shell interpreter sandbox. #40

Draft
wants to merge 1 commit into base: master

Conversation

alecthomas
Collaborator

@alecthomas alecthomas commented May 31, 2021

This uses mvdan/sh/interp to provide a builtin POSIX shell interpreter
whose file operations are (mostly) restricted to a sandbox root. I say
mostly because the builtin shell globbing (e.g. `echo /etc/*`) still
allows listing directories outside the sandbox, though accessing them is
prevented, but also because I'm not certain about those guarantees.

The basics seem to work though there would be quite a bit more work
fleshing out the supported utilities.

Security-wise I'm not sure this gives us much, as one of the goals of
this is to allow executables within the sandbox to be executed (e.g.
Java's keytool). If this is allowed then the package can basically
execute arbitrary code without restriction, so I don't think there are
many/any security benefits whatsoever.

However it does vastly simplify hooks while simultaneously making them much more flexible, e.g.

diff --git a/openjdk.hcl b/openjdk.hcl
index e64c64b..bcb0fca 100644
--- a/openjdk.hcl
+++ b/openjdk.hcl
@@ -9,20 +9,12 @@ strip = 1
 
 // Install root certificate
 on unpack {
-    chmod { mode = 0600 file = "${root}/lib/security/cacerts" }
-    copy { from = "cacerts/g2.pem" to = "${dest}/cacert.pem" }
-    run {
-        cmd = "${root}/bin/keytool"
-        args = [
-            "-importcert",
-            "-noprompt",
-            "-storepass", "changeit",
-            "-keystore", "${root}/lib/security/cacerts",
-            "-alias",  "g2",
-            "-file", "${dest}/cacert.pem"
-        ]
-    }
-    chmod { mode = 0400 file = "${root}/lib/security/cacerts" }
+    exec = <<-EOF
+      chmod 600 lib/security/cacerts
+      cp "source:///cacerts/g2.pem" "${dest}/cacert.pem"
+      bin/keytool -importcert -noprompt -storepass changeit -keystore "lib/security/cacerts" -alias g2 -file "${dest}/cacert.pem"
+      chmod 400 lib/security/cacerts
+    EOF
 }
 
 darwin {
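
Review bot: the heredoc form loses the per-step failure semantics the structured `run {}` block presumably had; if `bin/keytool -importcert ...` exits non-zero, the following `chmod 400 lib/security/cacerts` still runs and the hook ends with a keystore that silently lacks the certificate. Either document that the interpreter aborts the `exec` script on the first failing command, or start the script with `set -e`. Two smaller points in the same hunk: the `cp "source:///cacerts/g2.pem" ...` line introduces a `source://` scheme that is not documented anywhere in this diff (which schemes does the sandboxed `cp` accept, and is `source://` confined to the package source?), and the relative `lib/security/cacerts` and `bin/keytool` paths replace the explicit `${root}/...` of the old block, so the working directory of an `exec` script should be stated in the hook documentation.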

There are also other benefits such as consistent shell support across any
OS, including Windows, no need to rely on particular versions
of bash being present, and some safety guarantees around accidentally
violating the sandbox, e.g. a script that accidentally rm's some files.

This uses mvdan/sh/interp to provide a builtin POSIX shell interpreter
whose file operations are (mostly) restricted to a sandbox root. I say
mostly because the builtin shell globbing (e.g. `echo /etc/*`) still
allows listing directories outside the sandbox, though accessing them is
prevented.

The basics seem to work though there would be quite a bit more work
fleshing out the supported utilities.

Security-wise I'm not sure this gives us much, as one of the goals of
this is to allow executables _within_ the sandbox to be executed (e.g.
Java's keytool). If this is allowed then the package can basically
execute arbitrary code without restriction, so I don't think there are
many/any security benefits whatsoever.

However there are other benefits: consistent shell support across any
OS, including Windows. There is no need to rely on particular versions
of bash being present. Some safety guarantees around accidentally
violating the sandbox, e.g. a script that accidentally rm's some files.

Are these benefits large enough to warrant fleshing this out? I am not
certain.
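
The path-confinement check that a sandboxed interpreter like the one described above needs, as an added example that is not code from this PR or from mvdan/sh. It maps a script path (absolute paths mean "relative to the sandbox root", matching how the `exec` heredoc uses `lib/security/cacerts`) to a host path, rejects `..` sequences that climb above the root, and also rejects targets that only stay inside the root lexically while a symlink carries them outside. Wiring it into the interpreter's file-open and exec handlers is left out; that the interpreter exposes such handlers is an assumption here, and the `Sandbox` type, `virtualPath` and `HostPath` names and the temp-directory layout in `main` are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Sandbox confines every path a script touches to one host directory.
// Root is a host filesystem path; script paths are interpreted under it,
// so "/etc/passwd" inside a script means "<Root>/etc/passwd".
type Sandbox struct {
	Root string
}

// virtualPath joins a script path onto the script's current directory
// (cwd is always a slash-rooted sandbox path such as "/" or "/lib") and
// walks the segments lexically. A ".." that would climb above the sandbox
// root is rejected rather than silently clamped, so the caller can log it.
func virtualPath(cwd, p string) (string, error) {
	// Script paths use shell syntax (forward slashes) on every OS.
	if !strings.HasPrefix(p, "/") {
		p = cwd + "/" + p
	}
	var stack []string
	for _, seg := range strings.Split(p, "/") {
		switch seg {
		case "", ".": // "//" and "." are no-ops
		case "..":
			if len(stack) == 0 {
				return "", fmt.Errorf("path %q escapes the sandbox root", p)
			}
			stack = stack[:len(stack)-1]
		default:
			stack = append(stack, seg)
		}
	}
	return "/" + strings.Join(stack, "/"), nil
}

// within reports whether p is root itself or lies underneath it.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// HostPath maps a script path to the host path the interpreter may open.
// Lexical confinement alone is not enough: a symlink created inside the
// root can point anywhere, so the nearest existing ancestor of the target
// is resolved and must still sit under the (also resolved) root.
func (s Sandbox) HostPath(cwd, p string) (string, error) {
	v, err := virtualPath(cwd, p)
	if err != nil {
		return "", err
	}
	realRoot, err := filepath.EvalSymlinks(s.Root)
	if err != nil {
		return "", fmt.Errorf("sandbox root: %w", err)
	}
	host := filepath.Join(s.Root, filepath.FromSlash(v))
	for probe := host; ; probe = filepath.Dir(probe) {
		real, err := filepath.EvalSymlinks(probe)
		if err == nil {
			if !within(realRoot, real) {
				return "", fmt.Errorf("path %q resolves outside the sandbox via symlink", p)
			}
			return host, nil // deepest existing ancestor is inside the root
		}
		if !errors.Is(err, fs.ErrNotExist) {
			return "", err
		}
		if filepath.Dir(probe) == probe { // reached the filesystem root
			return host, nil
		}
	}
}

func main() {
	// Constructed layout: a root with a keystore file and a symlink that
	// points at the root's parent directory, i.e. outside the sandbox.
	root, err := os.MkdirTemp("", "sandbox-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	os.MkdirAll(filepath.Join(root, "lib", "security"), 0o755)
	os.WriteFile(filepath.Join(root, "lib", "security", "cacerts"), []byte("constructed"), 0o600)
	os.Symlink(filepath.Dir(root), filepath.Join(root, "escape"))
	sb := Sandbox{Root: root}
	for _, p := range []string{"lib/security/cacerts", "/lib/security/cacerts",
		"../../etc/passwd", "escape/secret", "/new/file"} {
		if host, err := sb.HostPath("/", p); err != nil {
			fmt.Printf("%-22s rejected: %v\n", p, err)
		} else {
			fmt.Printf("%-22s -> %s\n", p, host)
		}
	}
}
```

The check deliberately errors instead of clamping `..` to the root, because a hook script that tries to climb out of the sandbox is either a bug (the "accidental rm" case the description mentions) or something worth surfacing, and a clamped path would hide it. The same `HostPath` call would gate which binaries an exec handler is allowed to start (for example `bin/keytool`), but as the description notes, once in-sandbox executables run natively the file confinement no longer bounds what the package can do.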