[Dnsmasq-discuss] [PATCH] implemented sandbox
Denis Solonkov
2017-09-05 10:32:37 UTC
Hi Simon,

As part of my Google summer internship project I have implemented a sandbox
for dnsmasq, based on Linux seccomp-bpf and a mount namespace, with tests and
documentation.

Such a sandbox provides defense in depth for dnsmasq by restricting which
files it can access and which syscalls it can make, in case remote code
execution vulnerabilities are discovered in dnsmasq.

Would you be interested in reviewing my patches and maybe integrating them
into dnsmasq?

Please find attached my patch against master head, but let me know if there
is another way for us to review and discuss the change.

Kind regards,

Denis Solonkov
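The seccomp-bpf half of the approach described above, as an added example that is not part of the patch or of dnsmasq: a syscall allow-list of the kind a DNS daemon could install once its listening sockets are open, together with a small dry-run interpreter so the filter can be checked in a unit test before it is ever loaded into the kernel. The allow-list is constructed for illustration (a real daemon's list would be derived from tracing its steady-state behaviour), only x86_64 and aarch64 are handled, and the mount-namespace part of the sandbox is not shown.

```c
/* Added example (not dnsmasq code): a seccomp-bpf allow-list plus a dry-run
 * interpreter for checking the filter before installing it. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS   /* older headers only know the thread-kill action */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif
#if defined(__x86_64__)
#define EXAMPLE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define EXAMPLE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
#define MAX_FILTER_LEN 64

/* Constructed allow-list: enough to serve UDP/TCP on already-open sockets and
 * exit.  Deliberately absent: open*, socket, execve, mmap, ptrace, prctl. */
static const int allowed_syscalls[] = {
    SYS_read, SYS_write, SYS_close, SYS_recvfrom, SYS_sendto, SYS_recvmsg,
    SYS_sendmsg, SYS_ppoll, SYS_rt_sigreturn, SYS_exit, SYS_exit_group,
};
#define N_ALLOWED (sizeof allowed_syscalls / sizeof allowed_syscalls[0])

/* Layout: [0] load arch, [1] arch ok? skip kill, [2] KILL, [3] load nr,
 * [4..4+N) one JEQ per allowed nr jumping to ALLOW, then KILL, then ALLOW.
 * Returns the instruction count, or -1 if `cap` is too small. */
int build_filter(struct sock_filter *prog, size_t cap)
{
    size_t len = N_ALLOWED + 6;
    if (cap < len) return -1;
    prog[0] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[1] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, EXAMPLE_AUDIT_ARCH, 1, 0);
    prog[2] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS); /* foreign ABI */
    prog[3] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < N_ALLOWED; i++)   /* jt counts forward to the final ALLOW */
        prog[4 + i] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                   (__u32)allowed_syscalls[i], (__u8)(N_ALLOWED - i), 0);
    prog[4 + N_ALLOWED] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[5 + N_ALLOWED] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return (int)len;
}

/* Dry-run the filter on one seccomp_data record.  Understands only the three
 * instruction kinds build_filter() emits; anything else is treated as KILL. */
unsigned int eval_filter(const struct sock_filter *prog, int len, const struct seccomp_data *d)
{
    unsigned int acc = 0;
    for (int pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (in->k == offsetof(struct seccomp_data, nr)) acc = (unsigned int)d->nr;
            else if (in->k == offsetof(struct seccomp_data, arch)) acc = d->arch;
            else return SECCOMP_RET_KILL_PROCESS;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;   /* fell off the end; the kernel would reject such a program */
}

/* Action for syscall `nr`; `foreign_arch` simulates a call via another ABI. */
unsigned int action_for(int nr, int foreign_arch)
{
    struct sock_filter prog[MAX_FILTER_LEN];
    int len = build_filter(prog, MAX_FILTER_LEN);
    struct seccomp_data d = { .nr = nr, .arch = foreign_arch ? EXAMPLE_AUDIT_ARCH ^ 1u : EXAMPLE_AUDIT_ARCH };
    return len < 0 ? SECCOMP_RET_KILL_PROCESS : eval_filter(prog, len, &d);
}

int filter_length(void)
{
    struct sock_filter prog[MAX_FILTER_LEN];
    return build_filter(prog, MAX_FILTER_LEN);
}

/* Install for real.  NO_NEW_PRIVS is required for an unprivileged caller and
 * stops any execve'd child from regaining privilege through setuid binaries. */
int install_filter(void)
{
    struct sock_filter prog[MAX_FILTER_LEN];
    int len = build_filter(prog, MAX_FILTER_LEN);
    if (len < 0) return -1;
    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(void)
{
    pid_t pid = fork();
    if (pid == 0) {                              /* child: sandbox itself, then misbehave */
        if (install_filter() != 0) _exit(2);
        write(1, "write() allowed\n", 16);
        syscall(SYS_getpid);                     /* not on the list: delivered as SIGSYS */
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);
    printf("child %s\n", WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS
                         ? "killed by SIGSYS as expected" : "was NOT killed");
    return 0;
}
```

The arch check comes before the syscall-number check because syscall numbers differ between ABIs (x86_64 versus x32 and i386 on the same kernel); an allow-list that skips it can be bypassed by switching ABI. Returning KILL rather than ERRNO on an unexpected syscall is the safer default for a daemon whose only reason to make such a call is that it has already been compromised.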
Loganaden Velvindron
2017-09-05 11:09:34 UTC
Post by Denis Solonkov
> Hi Simon,
> As part of my Google summer internship project I have implemented a sandbox
> for dnsmasq, based on Linux seccomp-bpf and a mount namespace, with tests and
> documentation.
> Such a sandbox provides defense in depth for dnsmasq by restricting which files
> it can access and which syscalls it can make, in case remote code execution
> vulnerabilities are discovered in dnsmasq.
> Would you be interested in reviewing my patches and maybe integrating them
> into dnsmasq?
> Please find attached my patch against master head, but let me know if there
> is another way for us to review and discuss the change.
The project is interesting. May I suggest looking into privilege
separation, such as what OpenBSD has been doing, before applying the
sandbox?

http://quigon.bsws.de/papers/aalborg2009/mgp00043.html

Also, maybe look at unbound, which has a privilege separation design as well.

Have a look at OpenBSD's imsg framework which is light and easy to port:

http://man.openbsd.org/imsg_init
Denis Solonkov
2017-09-08 14:55:22 UTC
Hi Loganaden,

I am not sure how privilege separation would be beneficial, since dnsmasq
drops almost all of its capabilities in dnsmasq.c:597, and therefore doing
privilege separation for the remaining capabilities may not be worth it.

Kind regards,
Denis.
Post by Loganaden Velvindron
> Post by Denis Solonkov
> > Hi Simon,
> > As part of my Google summer internship project I have implemented a sandbox
> > for dnsmasq, based on Linux seccomp-bpf and a mount namespace, with tests and
> > documentation.
> > Such a sandbox provides defense in depth for dnsmasq by restricting which files
> > it can access and which syscalls it can make, in case remote code execution
> > vulnerabilities are discovered in dnsmasq.
> > Would you be interested in reviewing my patches and maybe integrating them
> > into dnsmasq?
> > Please find attached my patch against master head, but let me know if there
> > is another way for us to review and discuss the change.
> The project is interesting. May I suggest looking into privilege
> separation, such as what OpenBSD has been doing, before applying the
> sandbox?
> http://quigon.bsws.de/papers/aalborg2009/mgp00043.html
> Also, maybe look at unbound, which has a privilege separation design as well.
> http://man.openbsd.org/imsg_init