Running an untrusted application on Linux in a sandbox

We have a device running Linux and we need to run untrusted applications on this. We are trying to alleviate the following security concerns:

  1. The untrusted application should not be able to adversely affect the core OS data and binaries
  2. The untrusted application should not be able to adversely affect another application's data and binaries
  3. The untrusted application should not be able to consume excessive CPU, memory or disk and cause a DoS/resource-starvation situation for the core OS or the other applications

From the untrusted application standpoint, it only needs to be able to read and write to its own directory and maybe the mounted USB drive

We are thinking of using one of the following approaches:

Approach 1: Use SELinux as a sandbox

  • Is this possible? I have read a bit about SELinux and it looks somewhat complicated in terms of setting up a policy file and enforcing it at runtime, etc. Can SELinux do this and restrict the untrusted application to just reading/writing its own directory, and also set quota limits?

Approach 2: Create a new sandbox on our own

  • During install time

    • Create a new app user for each untrusted application
    • Stamp the entire application directory and files with permissions so that only the application user can read and write
    • Set quotas for the application user using ulimit/quota
  • During run time, launch the untrusted application as follows:

    • Close all open file descriptors/handles
    • Use chroot to set the root to the application directory
    • Launch the application under the context of the application user

Thoughts on the above? Which approach is more secure than the other? Is there another approach that might work out better? We do not have the option of moving to Android, for various reasons, so we cannot use the sandboxing features that Android provides natively...

Let me know

Thanks,

user967973 asked Mar 15 '13 16:03





1 Answer

SELinux is a set of rules that are applied a bit like user rights, only more complex. You can use it to set a domain for each process and allow or deny nearly any access: access to files, the network, or processes/threads. That way it can be used as a kind of sandbox. However, you have to prepare a rule set for each process, or you can make a script that has to be run before the sandboxed application to prepare the rules itself.

If you want to control CPU consumption, SELinux has no CPU scheduler, because every rule has just one of two logical results, 'allow' or 'deny' access. I recommend 'cgroups' to control CPU consumption.

user1959366 answered Oct 18 '22 21:10

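To make the cgroups suggestion in the answer concrete, here is an added example (not the answer's code) that creates a cgroup v2 sub-group with CPU, memory and process-count ceilings and moves a process into it. It assumes the unified v2 hierarchy mounted at /sys/fs/cgroup, that the caller is root, and that the controllers may be delegated directly under the root group; "app1" and the limit values are placeholders. Unlike rlimits, these caps apply to the whole process tree that descends from the attached process, which is what concern 3 in the question actually needs.

```python
import os

CGROUP_ROOT = "/sys/fs/cgroup"  # cgroup v2 unified hierarchy (assumed mount point)
CONTROLLERS = ("cpu", "memory", "pids")


def cpu_max_value(cpu_percent, period_us=100_000):
    """Build the cpu.max setting "<quota_us> <period_us>".

    cpu_percent is the share of one CPU the group may consume per period:
    50 -> "50000 100000" (half a CPU), 200 -> "200000 100000" (two CPUs).
    """
    if cpu_percent <= 0:
        raise ValueError("cpu_percent must be positive")
    quota_us = period_us * cpu_percent // 100
    return f"{quota_us} {period_us}"


def _write(path, value):
    with open(path, "w") as f:
        f.write(value)


def enable_controllers(root=CGROUP_ROOT):
    """Delegate the cpu, memory and pids controllers to child groups of root."""
    _write(os.path.join(root, "cgroup.subtree_control"),
           " ".join("+" + c for c in CONTROLLERS))


def create_app_cgroup(name, cpu_percent, memory_bytes, max_pids, root=CGROUP_ROOT):
    """Create <root>/<name>, write its limits and return the group path."""
    path = os.path.join(root, name)
    os.makedirs(path, exist_ok=True)
    settings = {
        "cpu.max": cpu_max_value(cpu_percent),
        "memory.max": str(memory_bytes),  # hard ceiling; OOM kills stay inside this group
        "memory.swap.max": "0",           # no swap, so memory.max is a real ceiling
        "pids.max": str(max_pids),        # stops fork bombs regardless of RLIMIT_NPROC
    }
    for fname, value in settings.items():
        _write(os.path.join(path, fname), value)
    return path


def attach_pid(path, pid):
    """Move a process into the group; its future children inherit the membership."""
    _write(os.path.join(path, "cgroup.procs"), str(pid))


def read_limits(path):
    """Read the settings back so a launcher can verify them before exec."""
    out = {}
    for fname in ("cpu.max", "memory.max", "memory.swap.max", "pids.max"):
        with open(os.path.join(path, fname)) as f:
            out[fname] = f.read().strip()
    return out


if __name__ == "__main__":
    # As root: place this process, and everything it launches afterwards,
    # under a half-CPU, 256 MiB, 64-process cap.  "app1" is a placeholder name.
    enable_controllers()
    group = create_app_cgroup("app1", cpu_percent=50,
                              memory_bytes=256 * 2**20, max_pids=64)
    attach_pid(group, os.getpid())
    print(read_limits(group))
```

Attaching the launcher itself before it execs the untrusted binary is the simplest way to guarantee the application and all of its descendants start inside the group.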