MacPorts and sandboxing

Clemens Lang cal at macports.org
Thu Sep 27 13:09:29 PDT 2012


Hi,

On Thu, Sep 27, 2012 at 02:45:18PM -0400, Arno Hautala wrote:
> What about other options like chroot? Would it be possible to build
> within a chrooted environment? Maybe that would be too heavy in having
> to copy all dependencies to the chroot.

chroot certainly is a way to solve this problem, but I think it's too
heavyweight and slow for our needs.

We could fix the way trace mode worked before, i.e., using an "overlay
filesystem" using DYLD_INSERT_LIBRARIES (the equivalent to Linux'
LD_PRELOAD). Wrapping filesystem-related syscalls is a way to implement
sandboxing. It's not impossible to escape from this poor man's sandbox,
though. The downside of this method is the number of syscalls and
userland-side configuration we need to support (32bit vs. 64bit
syscalls, inodes, etc.).

That being said, I already have most of the work done locally. I haven't
committed this yet because I'm still hunting a bug where the socket
connection to port(1) controlling the sandbox is lost (and the next call
to send(2) fails with ENOTSOCK).

-- 
Clemens Lang
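As an added illustration of the interposition approach sketched in this message (my own example, not MacPorts' trace-mode code or Clemens' local patch), here is a minimal library-side wrapper for open(2) with a lexically normalized path allow-list. It assumes a constructed allow-list with a hypothetical /opt/local prefix and handles only absolute paths; on macOS the `__interpose` table registers the replacement for a DYLD_INSERT_LIBRARIES injection, while on Linux the same function would be named `open` and forward via `dlsym(RTLD_NEXT, "open")`.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <string.h>

/* Constructed allow-list: a hypothetical MacPorts prefix plus the system paths a build needs. */
static const char *const allowed_prefixes[] = { "/opt/local", "/usr", "/tmp", "/dev", NULL };

/* Lexically normalize an absolute path (drop ".", ".." and repeated slashes) so that a path like
   "/opt/local/../etc/passwd" cannot slip past a prefix check. Returns 0 on success, -1 for a
   relative path (a real sandbox would resolve it against the cwd) or when out[] is too small. */
int normalize_path(const char *in, char *out, size_t outlen) {
    if (in[0] != '/' || outlen < 2) return -1;
    size_t n = 0;
    for (const char *p = in; *p; ) {
        while (*p == '/') p++;
        const char *seg = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - seg);
        if (len == 0 || (len == 1 && seg[0] == '.')) continue;
        if (len == 2 && seg[0] == '.' && seg[1] == '.') { while (n > 0 && out[--n] != '/') ; continue; } /* pop */
        if (n + len + 2 > outlen) return -1;
        out[n++] = '/'; memcpy(out + n, seg, len); n += len;
    }
    if (n == 0) out[n++] = '/';
    out[n] = '\0';
    return 0;
}

/* Allow if the normalized path equals an allowed prefix or lies beneath it. */
int sandbox_path_allowed(const char *path) {
    char norm[4096];
    if (normalize_path(path, norm, sizeof norm) != 0) return 0;
    for (const char *const *pfx = allowed_prefixes; *pfx; pfx++) {
        size_t l = strlen(*pfx);
        if (strncmp(norm, *pfx, l) == 0 && (norm[l] == '\0' || norm[l] == '/')) return 1;
    }
    return 0;
}

/* Replacement for open(2): enforce the policy, then call the real open(). Only this entry point
   is wrapped; openat(2), stat(2), rename(2) and direct syscalls all bypass it (hence "poor man's"). */
int sandboxed_open(const char *path, int flags, ...) {
    va_list ap; va_start(ap, flags);
    mode_t mode = (flags & O_CREAT) ? (mode_t)va_arg(ap, int) : 0; va_end(ap); /* mode only with O_CREAT */
    if (!sandbox_path_allowed(path)) { errno = EACCES; return -1; }
    return open(path, flags, mode);
}

#ifdef __APPLE__ /* dyld interposing table: once injected via DYLD_INSERT_LIBRARIES, every open() in
                    the process lands in sandboxed_open(); this image's own open() call is not rebound. */
static const struct { const void *replacement, *replacee; } interposers[]
    __attribute__((used, section("__DATA,__interpose"))) = { { (const void *)sandboxed_open, (const void *)open } };
#endif
```

Build it as a shared library (`-dynamiclib` on macOS) and inject it into the build process with DYLD_INSERT_LIBRARIES to observe the denials; the static allow-list stands in for the socket-controlled policy the message describes.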