Linux Sandboxes and Fil-C
2 days ago
- #Sandboxing
- #Linux Security
- #Memory Safety
- Memory safety and sandboxing are orthogonal defenses: memory safety keeps a program's own bugs from turning into arbitrary code execution, while a sandbox bounds what the process may do regardless of how its code behaves. Either can exist without the other.
- The post walks through examples of memory safety without sandboxing and of sandboxing without memory safety.
- Sandbox policies usually have holes by design (the sandboxed process still needs some syscalls and resources), and a memory-safety bug is what typically gives an attacker enough control inside the sandbox to reach and exploit them.
- Combining memory safety with sandboxing is therefore the strongest option: each layer covers the gaps the other leaves open.
- Fil-C is a memory-safe implementation of C/C++ that still supports the low-level system operations sandboxing code relies on.
- OpenSSH sandboxes its unprivileged process on Linux with seccomp-BPF together with other kernel mechanisms, notably `setrlimit` and `prctl`.
- Fil-C needs special handling for `setrlimit` and seccomp-BPF because its runtime has threads of its own and makes syscalls behind the program's back; resource limits and syscall allowlists written for plain C do not account for them.
- A new API, `zlock_runtime_threads()`, guarantees that the Fil-C runtime creates no further threads once the sandbox is active, so a thread-creation limit applied afterwards (for example via `setrlimit`) cannot break the runtime.
- The Fil-C runtime needs `mmap` with `MAP_NORESERVE` and the `sched_yield` syscall, so OpenSSH's seccomp filter was modified to allow both.
- Fil-C's runtime implements `prctl` so that sandbox settings installed through it, such as a seccomp filter, apply to the runtime's own threads as well as the calling thread; on its own, `prctl(PR_SET_SECCOMP)` binds only the thread that calls it, which would leave the runtime threads outside the sandbox.
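The points above (an OpenSSH-style seccomp-BPF allowlist, the `MAP_NORESERVE` and `sched_yield` additions, a `setrlimit` thread-creation limit that must come after runtime threads exist, and a filter that must cover every thread) as one added example. This is illustration code written for this summary, not OpenSSH's or Fil-C's own code. The `SC_*` rule macros imitate the style of OpenSSH's `sandbox-seccomp-filter.c` but are simplified (only the low 32 bits of an argument are checked, which assumes a little-endian host); the syscall allowlist is a toy, not OpenSSH's real one; the arch check assumes x86_64 or aarch64; and instead of Fil-C's runtime-level `prctl` handling, the installer uses the kernel-native `seccomp(2)` call with `SECCOMP_FILTER_FLAG_TSYNC` to bind all threads. The small cBPF interpreter exists only so the policy can be evaluated offline without sandboxing the current process.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__aarch64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64   /* assumption: x86_64 otherwise */
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U   /* older UAPI headers */
#endif

/* Rule macros in the style of OpenSSH's sandbox-seccomp-filter.c, simplified: only
 * the low 32 bits of an argument are checked, which assumes a little-endian host. */
#define SC_LOAD_NR() BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr))
#define SC_ALLOW(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
#define SC_DENY(nr, err) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ((err) & SECCOMP_RET_DATA))
/* Allow nr only if args[arg] has no bit outside mask; otherwise fall through. */
#define SC_ALLOW_ARG_MASK(nr, arg, mask) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 4), \
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[(arg)])), \
    BPF_STMT(BPF_ALU | BPF_AND | BPF_K, ~(uint32_t)(mask)), \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), \
    SC_LOAD_NR()

static const struct sock_filter filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),  /* foreign ABI: kill */
    SC_LOAD_NR(),
    SC_ALLOW(__NR_read),
    SC_ALLOW(__NR_write),
    SC_ALLOW(__NR_exit_group),
    SC_ALLOW(__NR_munmap),
    SC_ALLOW(__NR_sched_yield),          /* the Fil-C runtime needs this */
    /* Anonymous private mappings only; MAP_NORESERVE added for the Fil-C runtime. */
    SC_ALLOW_ARG_MASK(__NR_mmap, 3, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE),
    SC_DENY(__NR_clone, EPERM),          /* no new processes or threads */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),  /* default deny */
};
#define FILTER_LEN (sizeof(filter) / sizeof(filter[0]))

/* Minimal cBPF interpreter for the opcodes used above, to test the policy offline. */
static uint32_t run_filter(const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < FILTER_LEN;) {
        const struct sock_filter *in = &filter[pc++];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const uint8_t *)sd + in->k, sizeof acc);  /* k is a constant offsetof() */
            break;
        case BPF_ALU | BPF_AND | BPF_K: acc &= in->k; break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == in->k) ? in->jt : in->jf; break;
        case BPF_RET | BPF_K: return in->k;
        default: return SECCOMP_RET_KILL_PROCESS;   /* unsupported opcode: fail closed */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;                /* fell off the end: fail closed */
}

/* Policy decision for syscall nr whose 4th argument (mmap flags) is arg3. */
static uint32_t decide(int nr, uint64_t arg3)
{
    struct seccomp_data sd = { .nr = nr, .arch = SECCOMP_AUDIT_ARCH, .args = { 0, 0, 0, arg3 } };
    return run_filter(&sd);
}

/* Install in OpenSSH's order: rlimits, no_new_privs, then the filter. */
static int install_sandbox(void)
{
    struct rlimit zero = { 0, 0 };
    struct sock_fprog prog = { .len = FILTER_LEN, .filter = (struct sock_filter *)filter };
    /* RLIMIT_NPROC = 0 blocks fork and thread creation alike; under Fil-C it must
     * come after the runtime has started its threads (zlock_runtime_threads). */
    if (setrlimit(RLIMIT_NPROC, &zero) == -1 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
        return -1;
    /* prctl(PR_SET_SECCOMP) binds only the calling thread; seccomp(2) with TSYNC
     * binds every thread in the process, which is what runtime threads require. */
    if (syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, &prog) == 0)
        return 0;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);  /* fallback: this thread only */
}

int main(int argc, char **argv)
{
    printf("mmap+MAP_NORESERVE -> %s\n", decide(__NR_mmap, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE) == SECCOMP_RET_ALLOW ? "allow" : "deny");
    printf("mmap+MAP_SHARED    -> %s\n", decide(__NR_mmap, MAP_SHARED | MAP_ANONYMOUS) == SECCOMP_RET_ALLOW ? "allow" : "deny");
    printf("clone              -> errno %u\n", decide(__NR_clone, 0) & SECCOMP_RET_DATA);
    return argc > 1 ? install_sandbox() : 0;   /* any argument: sandbox this process */
}
```

Run without arguments to see the offline decisions; pass any argument to actually install the policy in the current process, after which only the listed syscalls work and anything else is killed. The order in `install_sandbox` is the part that matters for Fil-C: if the runtime still has threads to start, `RLIMIT_NPROC = 0` breaks it, and if the filter is installed with plain `prctl(PR_SET_SECCOMP)`, threads the runtime already started are left unfiltered.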