Recursive Sandboxes: Extending Systrace To Empower Applications
Authors
Abstract
The systrace system-call interposition mechanism has become a popular method for containing untrusted code through program-specific policies enforced by user-level daemons. We describe our extensions to systrace that allow sandboxed processes to further limit their child processes by issuing dynamically constructed policies. We discuss our extensions to the systrace daemon and the OpenBSD kernel, as well as a simple API for constructing simple policies. We present two separate implementations of our scheme, and compare their performance with the base systrace system. We show how our extensions can be used by processes such as ftpd, sendmail, and sshd.
Similar sources
Towards Automated Privilege Separation
Applications are subject to threat from a number of attack vectors, and limiting their attack surface is vital. By using privilege separation to constrain application access to protected resources, we can mitigate the threats against the application. Previous examinations of privilege separation either entailed significant manual effort or required access to the source code. We consider a metho...
Improving Host Security with System Call Policies
We introduce a system that eliminates the need to run programs in privileged process contexts. Using our system, programs run unprivileged but may execute certain operations with elevated privileges as determined by a configurable policy eliminating the need for suid or sgid binaries. We present the design and analysis of the “Systrace” facility which supports fine grained process confinement, ...
Pólya Urn Models and Connections to Random Trees: A Review
This paper reviews Pólya urn models and their connection to random trees. Basic results are presented, together with proofs that underly the historical evolution of the accompanying thought process. Extensions and generalizations are given according to chronology:
• Pólya-Eggenberger's urn
• Bernard Friedman's urn
• Generalized Pólya urns
• Extended urn schemes
• Invertible urn schemes ...
Exploiting Concurrency Vulnerabilities in System Call Wrappers
System call interposition allows the kernel security model to be extended. However, when combined with current operating systems, it is open to concurrency vulnerabilities leading to privilege escalation and audit bypass. We discuss the theory and practice of system call wrapper concurrency vulnerabilities, and demonstrate exploit techniques against GSWTK, Systrace, and CerbNG.
SafeJS: Hermetic Sandboxing for JavaScript
Isolating programs is an important mechanism to support more secure applications. Isolating program in dynamic languages such as JavaScript is even more challenging since reflective operations can circumvent simple mechanisms that could protect program parts. In this article we present SafeJS, an approach and implementation that offers isolation based on separate sandboxes and control of inform...
Publication date: 2004