Article: State of Sandboxing in Linux

[Ali Polatel <alip () hexsys org>]

Hello list,

I want to share an article I wrote on Linux Sandboxing:
https://git.sr.ht/~alip/syd/tree/main/item/doc/toctou-or-gtfo.md

There's nothing new in there except something I discovered on Landlock which may be a bug or a feature.
TL;DR Landlock allows you to chdir into a directory that's not allowlisted. That's it though, you can
not list/read anything in there so I'd not say this is anything more than a potential info leak (as in
you discovered the dir existed). That said, I am not quite sure.

Very small PoC for those who do no want to read the article:
(-plib turns all seccomp sandboxing off so we apply a very simple landlock sandbox
only allowing /usr, busybox is static linked)

⇒ syd -plib -msandbox/lock:on -m allow/lock/read+/lib -m allow/lock/read+/usr busybox sh
~/src/syd/syd-3 $ cd /tmp
/tmp $ busybox ls
ls: can't open '.': Permission denied
/tmp $

I could enter /tmp although that's not allowlisted by Landlock.

Best regards,
Ali Polatel

PS: Initially I've sent this e-mail using the wrong e-mail address (was not subscribed
to the list), so this is a resend. I apologize if you end up receiving it twice.

Attachment: publickey - alip@hexsys.org - 0xC22DA9DE.asc
Description:

Attachment: signature.asc
Description: OpenPGP digital signature