item 7214419

Mbox – A lightweight sandboxing mechanism

233 points | chocolateboy | 12 years ago | pdos.csail.mit.edu

58 comments

[+] tsgates|12 years ago|reply
I am the author of mbox. Since I got too many emails regarding mbox, here are a few things to clarify.

  - naming: pkgfile mbox || echo looks like a good name
  - support: sorry, I don't have Mac or Windows.
I particularly like to use mbox for redirecting modifications to another directory. For example,

  $ mbox -- git checkout file
You can check out a file without overwriting the current file. You can imagine tons of use cases in this vein. Of course, blocking networks, restricting accesses of other directories, and rootless pkg installations are cute. However, to be a mature tool, I have to admit that there is lots of engineering work left -- support of 32bit .. compatibility layers .. still lots of corner cases.
[+] riquito|12 years ago|reply
"pkgfile jpeg" || echo looks like a good name. Maybe not.

(I don't have pkgfile but I think the above command would echo the string). I do understand that naming a program gets harder every day, but mbox is a really famous format, the de facto standard for storing e-mails. Please consider a different name for your impressive program.

[+] stelonix|12 years ago|reply
Thank you for this! I've been looking for a tool like this for a while (up until yesterday too), I'm glad it has been done.

I'd like to ask, are there any caveats?

[+] Mithaldu|12 years ago|reply
> naming: pkgfile mbox || echo looks like a good name

Next time try google/duckduckgo/bing instead of the narrowest tool you can think of. ;)

[+] tghw|12 years ago|reply
Seems like poor naming, what with the mbox file format(s).
[+] mdpane|12 years ago|reply
And in the music community, the Mbox is a popular sound interface for Pro Tools.
[+] XaspR8d|12 years ago|reply
Here I was reminded of my years of LaTeX torments with "error: underflow mbox" or similar.
[+] userbinator|12 years ago|reply
When I saw the title I thought it was about sandboxing email attachments or something like that.
[+] friendzis|12 years ago|reply
I thought they found a way to use mbox format to sandbox execution
[+] oscargrouch|12 years ago|reply
>At the end of program execution, the user can examine changes in the sandbox filesystem, and selectively commit them back to the host filesystem.

This is a cool idea.

[+] jlgaddis|12 years ago|reply
Out of curiosity, why choose for the name a term that has been around for nearly 40 years and is associated with something very different?
[+] nl|12 years ago|reply
Hmm. Seems very secure.. I can't run anything.

  ./configure
  make
  ./mbox ls

  Stop executing pid=20987: It's not allowed to call mmap on 0x400000
Same error no matter what executable I try. I'm assuming that isn't by design?
[+] thiagoc|12 years ago|reply
Same error here, but `ls' works:

    ./mbox ls
    test
     > /tmp/sandbox-14587

    ./mbox -- wget google.com

    Stop executing pid=14629: It's not allowed to call mmap on 0x400000
    Sandbox Root:
     > /tmp/sandbox-14625
BTW, I'm on Arch:

    Linux colossus 3.12.9-2-ARCH #1 SMP PREEMPT Fri Jan 31 10:22:54 CET 2014 x86_64 GNU/Linux
[+] joshbaptiste|12 years ago|reply
Same here regardless of the binary on two different Fedora/Debian nodes ..
[+] rjzzleep|12 years ago|reply
Interesting, I agree with the bad choice of nomenclature though.

I wonder how hard it would be to port it to dtrace (also, dtrace would defeat the not-needing-root requirement).

Although Macs already include a sandbox[1], I find it anything but intuitive to use. It's already ridiculously complicated to set up. See IronFox as reference [2], since you have to allow all sorts of things: mach port access, process execution, pasteboard access, etc.

check this app, which is allowed to play music and access the clipboard, but not access the internet. [3]

[1] https://developer.apple.com/library/mac/documentation/Darwin...

[2] https://www.romab.com/ironfox/IronFox-1.5-beta.dmg

[3] https://gist.github.com/03a481b6d39912b33d52

[+] justincormack|12 years ago|reply
Can dtrace do sandboxing the way ptrace can? I didn't think it could.
[+] zimbatm|12 years ago|reply
It would be interesting to run a benchmark. My impression is that ptrace interceptions would add a significant overhead but I can be wrong. Still, it looks like a great project.

Alternatively they could use unshare and aufs to overlay another filesystem on top of a read-only root.

[+] agwa|12 years ago|reply
This is addressed in the paper. Performance overhead is in the ballpark of 10-20%. They are able to improve on the performance of a purely ptrace-based sandbox by using seccomp to ensure that only the syscalls that need to be intercepted are sent to ptrace.

The benefit mbox has over unshare+aufs is that mbox doesn't require root privileges.

[+] alrs|12 years ago|reply

    apt-cache search mbox | wc -l
    82
Ouch. How disconnected from the real world can academics get?
[+] jamesaguilar|12 years ago|reply
No more disconnected than the 82nd non-academic who named a program mbox.
[+] aabalkan|12 years ago|reply
Does this have anything to do with Linux containers (lxc)?
[+] mjn|12 years ago|reply
Not exactly, from what I can tell. This lets you run an individual process in a host environment, but using fine-grained privilege restrictions, and some judiciously inserted virtualization. LXC runs hosts in a complete OS-level virtualized environment, more like its own Linux instance, which is a bit more complete virtualization (not always desired for a single process).

A Solaris / OpenSolaris / Illumos analogy is to compare running a process in a new Zone (which is like a FreeBSD Jail or a Linux LXC/OpenVZ container), versus running a process in an existing Zone but using ppriv(1) to selectively drop privileges usually given to processes by default, such as network access, file read/write, exec, etc. One is in what looks like its own OS instance, while the other is in the parent OS instance but sandboxed. The analogy isn't quite complete because the ppriv(1) approach doesn't lie to processes that try to violate the permissions like Mbox does; instead it just denies their attempts to do something that violates policy (such as opening a file). So, it might cause sandboxed processes to crash, rather than letting them complete with faked completion.

[+] tptacek|12 years ago|reply
Not really; mbox uses seccomp-bpf to filter system calls, from userland, using unprivileged users. A very ambitious project to build on top of mbox might be an even lighter-weight Docker-alike using userland system call interposition instead of Linux containers.
[+] blueskin_|12 years ago|reply
...because this really won't conflict with the obsolete email storage format, right?
[+] justinsb|12 years ago|reply
Kudos to the authors for releasing their source code on github. The code may have some rough edges at the moment, but putting it on Github is a great way to encourage collaboration / improvements, and can only encourage greater adoption of their ideas.
[+] Scaevolus|12 years ago|reply
Slides end with a few questions:

> Why 20% on tar? just rewriting path arguments doesn't seem to be demanding work.

Is most of that the overhead from syscalls being filtered by seccomp/BPF?

[+] bullfight|12 years ago|reply
Definitely looking forward to seeing this progress. It certainly seems to fill a void, especially in a world where it is quite common to share command line tools, as seen earlier today in the post about "hr for your terminal":

https://news.ycombinator.com/item?id=7213347

[+] zobzu|12 years ago|reply
[+] mjn|12 years ago|reply
If you want to provide a redirected environment for a presumptively non-malicious process, fakeroot works fine. It's not a secure sandbox, though, because it's based on intercepting system calls with LD_PRELOAD, and a process that wishes to can avoid being intercepted in that manner, since it's just enforced by the shared-library loader. So processes that are statically linked, or that have direct syscalls compiled in, will bypass the LD_PRELOAD replacements. The seccomp mechanism, by contrast, is enforced by the kernel.
[+] Lazare|12 years ago|reply
Very cool project; really terrible name.
[+] daxelrod|12 years ago|reply
The mechanism seems similar to PRoot ( http://proot.me/ ) which uses ptrace to intercept filesystem operations to create a userspace chroot.

I wonder if there's value in creating a library for intercepting filesystem operations via ptrace...

[+] mrfusion|12 years ago|reply
Would this work well for sandboxing python? I want to allow users some light scripting to manipulate their data.
[+] koenigdavidmj|12 years ago|reply
I'm guessing that this only works with dynamically linked binaries, similar to LD_PRELOAD-based solutions?
[+] wmf|12 years ago|reply
I don't see why; seccomp should work on any kind of process.
[+] zx2c4|12 years ago|reply
No.

It uses ptrace and seccomp-bpf.