tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Capsicum: practical capabilities for UNIX

On Mon, 25 Oct 2010 20:13:16 -0500, David Young <> 
> I've been wondering if the dynamic linker could simulate access to
> the global namespace by supplying alternate system-call stubs.  Say
> rtld-elf-cap supplies its own open(2) stub, for example, that searches
> Capsicum's fdlist for a suitable file descriptor on which to call
> openat(2):
> int
> open(const char *path, int flags, mode_t mode)
> {
>       const char *name;
>       int fd;
>       for (name, fd in fdlist) {
>               if (path is-under-directory name)
>                       return openat(fd, path, flags, mode);
>       }
>       errno = ENOENT;
>       return -1;
> }

That would only work with dynamic executables. Sandboxing static
executables that way will not work.

Anyway, that's a possibility. I know someone that is working on something
in this area, but it uses SECCOMP from Linux, and a syscall interception
method (intent is to avoid patching code in the binary) [1]


Jean-Yves Migeon

Home | Main Index | Thread Index | Old Index