Sandboxing on other platforms about tlsdate HOT 1 OPEN

On 12/10/15, Clemens Gruber [email protected] wrote:

Hi,

what do you think about reducing the attack surface on OS X as well (and not
only on Linux with seccomp) ?

There is a "sandbox facility" in OS X:

SANDBOX(7)           BSD Miscellaneous Information Manual
SANDBOX(7)

NAME
     sandbox -- overview of the sandbox facility

SYNOPSIS
     #include <sandbox.h>

DESCRIPTION
     The sandbox facility allows applications to voluntarily restrict their
access to
     operating system resources.  This safety mechanism is intended to limit
potential
     damage in the event that a vulnerability is exploited.  It is not a
replacement for
     other operating system access controls.

     New processes inherit the sandbox of their parent.  Restrictions are
generally
     enforced upon acquisition of operating system resources only.  For
example, if file
     system writes are restricted, an application will not be able to
open(2) a file for
     writing.  However, if the application already has a file descriptor
opened for writ-
     ing, it may use that file descriptor regardless of restrictions.

SEE ALSO
     sandbox-exec(1), sandbox_init(3), sandboxd(8)

Mac OS X                       January 29, 2010                       Mac OS
X

We could probably also take other ideas and code from Chrome?
https://www.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design

What do you think? Ideas, suggestions?

I'd very much like to use OS X sandboxing. I don't have a Mac OS X
device that would be useful here. If you want to submit a patch, we
can have someone else help with the review, I'm open to reviewing it
also.

from tlsdate.