We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Oblivious sandboxing

Logo of Berkeley Software Distribution (BSD)Berkeley Software Distribution (BSD)
 Anderson, Jonathan Godfrey, Stanley

Formal Metadata

Title
Oblivious sandboxing
Subtitle
Developments in transparent sandboxing with Capsicum
Title of Series
Number of Parts
31
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Compartmentalization (a.k.a., sandboxing) can be used to protect applications from themselves and protect users from applications. However, today's techniques require applications to be willing participants: invasive modifications are required, and it's up to the application whether or not it will sandbox itself. We would like to move towards a model in which moderately complex applications like compilers can be started from sandboxes and have their access to global namespaces transparently mediated. This talk will describe recent work in FreeBSD that is driving at the goal of transparent, oblivious sandboxing. We will discuss changes in the ELF image activator and run-time linker to support transparent sandboxing as well as a support library for managing pre-opened directory descriptors and a simple shell application to start applications from within sandboxes. Together, these techniques allow us to take a few more steps towards our goal of usefully confining applications whether they like it or not. Application compartmentalization (a.k.a., sandboxing) can be used to protect applications from themselves and protect users from misbehaving applications. However, the current state of the art requires applications to be willing participants: invasive modifications are required, and it's up to the application whether or not it will voluntarily sandbox itself. We would like to move towards a world in which applications can be started from within compartments (created with technologies like Capsicum) and have their access to global namespace like filesystems transparently mediated. This approach may never scale to applications with complex event models like web browsers, but we believe that there is a great deal of mileage to get out of it with more straightforward (though still sophisticated) applications like compilers. This talk will describe recent work in FreeBSD that is driving at the goal of transparent, oblivious sandboxing. We will discuss changes in the ELF image activator and run-time linker to support transparent sandboxing as well as a support library for managing pre-opened directory descriptors and a simple shell application to start applications from within sandboxes. Together, these techniques allow us to take a few more steps towards our goal of usefully confining applications whether they like it or not