[Dnsmasq-discuss] [PATCH] implemented sandbox
Denis Solonkov
solonkovda at google.com
Fri Sep 8 15:55:22 BST 2017
Hi Loganaden,
I am not sure how privilege separation would be beneficial, since dnsmasq
drops almost all of its capabilities in dnsmasq.c:597 and therefore, doing
privilege separation for the remaining capabilities may not be worth it.
Kind regards,
Denis.
On Tue, Sep 5, 2017 at 1:09 PM, Loganaden Velvindron <loganaden at gmail.com>
wrote:
> On Tue, Sep 5, 2017 at 2:32 PM, Denis Solonkov <solonkovda at google.com>
> wrote:
> > Hi Simon,
> >
> > As part of my Google summer internship project I have implemented a
> > sandbox for dnsmasq, based on Linux seccomp-bpf and mount namespace, with
> > tests and documentation.
> >
> > Such a sandbox provides defense in depth to dnsmasq, by restricting what
> > files it can access and which syscalls it can make, in case remote code
> > execution vulnerabilities are discovered in dnsmasq.
> >
> > Would you be interested in reviewing my patches and maybe integrate them
> > in dnsmasq?
> >
> > Please find attached my patch against master head, but let me know if
> > there is another way for us to review and discuss the change.
>
> The project is interesting. May I suggest looking into privilege
> separation such as what OpenBSD has been doing before applying the
> sandbox?
>
> http://quigon.bsws.de/papers/aalborg2009/mgp00043.html
>
> Also, maybe look at unbound, which has a privilege separation design as
> well.
>
> Have a look at OpenBSD's imsg framework which is light and easy to port:
>
> http://man.openbsd.org/imsg_init
>