SELinux Sandbox for Untrusted Programs

May 28, 2009

The security framework SELinux is set to offer a Sandbox in which applications deemed insecure can be partitioned off from other system areas.

Red Hat colleagues Dan Walsh and Eric Paris have designed an additional security tool. SELinux project leader Walsh describes the functionality and development of this tool in a detailed blog entry. The main idea: for SELinux to limit the actions an application can perform and to confine untrusted binaries. This way, users should be able to work with programs and data that are not considered 100% secure.

The developers were inspired to create a sandbox to execute these security measures using the SELinux policies via a query on the Linux core list. Walsh describes: "The bug report talked about confining grep, awk, ls ... The idea was couldn't we stop the grep or the mv command from suddenly opening up a network connection and copying off my /etc/shadow file to parts unknown.“ Regarding further application areas, Walsh sees GRID jobs as potential danger, they might become Spam Bots or attack systems in some other form.

Creating the SELinux sandbox
The Sandbox is just ten steps away: Dan Walsh chose "User Applications“ for the Sandbox because the security tool is intended for the user as well as the administrator.

According to Walsh, only 10 clicks were needed to write the policy with the GUI program from Fedora 11. He delivers interested parties precise instructions. In addition to the policy, the “usr/bin/sandbox” tool was written in order to route contents into the Sandbox. One issue with the current version has not yet been fully dealt with: “My current intention with sandbox is not to handle X Apps, since these apps want to write all over the home directory ~/.gconf, ~/gnome., ~/.config ... and all over /tmp, along with use privs to talk to the X Server. I have some ideas on this for the future that I hope to experiment with.”

In a message on the Linux kernel list, Eric Paris introduces a simple application example and invites users to share their experiences. “Check it out, SELinux confinement made easy."

Related content

  • SELinux

    SELinux provides a comprehensive Mandatory Access Control system for Linux, if you are ready for all the details.

  • SE Linux

    SELinux provides a safer system through the powerful concept of mandatory access controls.

  • AppArmor vs. SELinux

    Security Enhanced Linux or App Armor? Linux Magazine invited two well-known personalities from Red Hat and Novell to debate the merits of their security systems.

  • AppArmor

    After penetrating a remote system, intruders might think they are home and dry, but AppArmor spoils the fun, locking the miscreants in a virtual cage.

  • Kernel News

     

comments powered by Disqus

Issue 169/2014

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News