exile.h
misc
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
exile.h
-
Show HN: Porting OpenBSD Pledge() to Linux
Great work!
>.. So how do we get it that simple on Linux? I believe the answer is to find someone with enough free time to figure out how to use SECCOMP BPF to implement pledge.
> There's been a few devs in the past who've tried this. I'm not going to name names, because most of these projects were never completed.
I guess I am also one of those. I am giving it a shot with my WIP sandboxing library, which aims at making sandboxing easier for applications in general: https://github.com/quitesimpleorg/exile.h. It also aims to fix the "file system blind spot" mentioned in the article, by using Landlock and Namespaces/chroot.
Though I am calling my attempt "vows" instead of "pledge" to avoid misunderstandings. At the the end of the day, pledge() cannot be pledge() on Linux, due to limitations which the article also mentions.
Nevertheless, as has already been mentioned in this thread, as all attempts, mine also suffers from the fact that one has to keep up constantly with kernel releases and all software must recompiled from time to time against new library releases. This is a suboptimal situation. Secondly, there systems calls with currently cannot be filtered with seccomp BPF, such as openat2() and clone3() and so on.
Therefore, at this time you cannot have pledge() on Linux properly. So I am putting it on hold until deep argument inspection lands.
Overall, my experience led me to believe in order to have true, partical pledge() on Linux, it must be implemented in the kernel ultimately.
misc
-
Show HN: Porting OpenBSD Pledge() to Linux
Here's a landlock wrapper for FireFox: https://github.com/62726164/misc/tree/main/go/landlock/firef...
It's more restrictive than Firejail and is not suid.
-
PSA: Serious Security Vulnerability in Tor Browser
I no longer use Tor either (unless I have to for work projects such as remote pentesting).
What is you opinion of Landlock (Linux kernel 5.13 and newer)? If we wrap vanilla FireFox in LandLock, proxy that to tor and use Apparmor/Tomoyo to further limit what FireFox could do (when it gets compromised) then I think that would be a much safer approach than using the Tor Browser Bundle.
Here's a landlock wrapper (in Go) for FireFox: https://github.com/62726164/misc/blob/main/go/landlock/firef...
Also, I've only ever been able to get Tomoyo to work as MAC for FireFox. SELinux and Apparmor were too difficult.
-
Improved Process Isolation in Firefox 100
I firmly believe that isolation is the future of endpoint security. I like experimenting with MACs on Linux. Tomoyo is my favorite major MAC in Linux. And if you have a newer kernel (5.13 or greater), you may like to experiment with landlock. It's pretty cool and unlike FireJail, no suid required. Here's a landlock wrapper for Firefox:
https://github.com/62726164/misc/blob/main/go/landlock/firef...
What are some alternatives?
fdroid-metadata
pornhub-dl - :eggplant: A nice cli-wrapper around youtube-dl for downloading videos and following users/channels on pornhub
seccomp-scopes - Make Linux computing safe
uBlock - uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
libseccomp - The main libseccomp repository
firejail - Linux namespaces and seccomp-bpf sandbox
capsicum-linux - Linux kernel with Capsicum support
cosmopolitan - build-once run-anywhere c library