[ijustlovemath]

I've found it interesting that systemd and Linux user permissions/groups never come into the sandboxing discussions. They're both quite robust, offer a good deal of customization in concert,and by their nature, are fairly low cost.

[nextaccountic]

Unix permissions were written at a time where the (multi user) system was protecting itself from the user. Every program ran at the same privileges of the user, because it wasn't a security consideration that maybe the program doesn't do what the user thinks it does. That's why in the list of classic Unix tools there is nothing to sandbox programs or anything like that, it was a non issue

And today this is.. not sufficient. What we require today is to run software protected from each other. For quite some time I tried to use Unix permissions for this (one user per application I run), but it's totally unworkable. You need a capabilities model, not an user permission model

Anyway I already linked this elsewhere in this thread but in this comment it's a better fit https://xkcd.com/1200/

[nesarkvechnep]

There's FreeBSD's Capsicum. It's a full-blown sandboxing mode and capability framework. Unfortunately, Linux didn't adopt it and chose chaos.

[fsflover]

This is why my daily driver is https://qubes-os.org

[curt15]

>And today this is.. not sufficient. What we require today is to run software protected from each other. For quite some time I tried to use Unix permissions for this (one user per application I run), but it's totally unworkable. You need a capabilities model, not an user permission model

Unix permissions remain a fundamental building block of Android's sandbox. Each app runs as its own unix user.

[surajrmal]

Android sandboxing works in spite of the underlying security model, not because of it. It's also really selinux that does a lot of heavy lifting.

[goodthenandnow]

Subthread from a while ago where I wrote some details on how Android sandboxing architecture uses Linux’s primitives: https://news.ycombinator.com/item?id=40676309

[nextaccountic]

I really want a desktop distro that is based on Android but can run normal desktop apps, fully isolated by default

Can Binder run on desktop, with some non-mainline kernel? Is someone maintaining such kernel with up to date patches?

[theteapot]

I feel like apparmor is getting there, very, very slowly. Just need every package to come with a declarative profile or fallback to a strict default profile.

[mike_hearn]

Yes but systemd is a full blown sandboxing system, and he said the two working in concert.

[moezd]

This assumes people know more than just writing Dockerfiles and push straight to production. This is still a rarity.

[ijustlovemath]

Nowadays, it's fairly simple to ask for a unit file and accompanying bash script/tests for correctness. I think the barrier in that sense has practically vanished.

[vbezhenar]

Linux kernel is ridden with local privilege escalation vulnerabilities. This approach works for trusted software that you just want to contain, but it won't work for malicious software.

[viraptor]

Ridden? There are issues from time to time, but it's not like you can grab the latest, patched Ubuntu LTS and escalate from an unprivileged seccomp sandbox that doesn't include crazy device files.

[vbezhenar]

Any sandbox technology works fine until it isn't. It's not like you could escape Java sandbox, but Java applets were removed from the browsers due to issues being found regularly. In the end, browser sandbox is one of the few that billions of people use and run arbitrary code there every day, without even understanding that. The only comparable technology is qemu. I don't think there are many hosters who will hand off user account to a shared server and let you go wild there.

[viraptor]

> Any sandbox technology works fine until it isn't.

Tautology is tautology.

> but Java applets were removed from the browsers

Java applets provided more scope compared to the browser itself, not less. They're not really comparable to seccomp or namespaces.

> hosters who will hand off user account to a shared server

There's lots of CI or function runners that expose docker-like environments.

[vbezhenar]

> Java applets provided more scope compared to the browser itself, not less. They're not really comparable to seccomp or namespaces.

They are comparable because they provided a restricted sandbox to execute untrusted code.

> There's lots of CI or function runners that expose docker-like environments.

These are running inside VMs.

[graemep]

> Java applets were removed from the browsers due to issues being found regularly

Java applets were killed off my MS's attempt at "embrace, extent, extinguish" by bundling an incompatible version of Java with IE, and Sun's legal response to this.

[whywhywhywhy]

They never worked nice and always felt slow, unreliable and janky at the time. It’s easy to blame MS but no one was sad to see the back of them.

[graemep]

I was fine with the few I used, and Java works much better on the hardware we now have. A lot better than a lot of cross platform things we have now.

[vbezhenar]

No, Microsoft has nothing to do with it. Browsers are controlled by Google and Mozilla and they decided to block Java plugin.

[surajrmal]

The Linux API surface is massive. And the fact it's written on C leaves lots of room for vulnerabilities. I don't think you need to reach for a VM, but without a slimmer kernel interface, it's difficult to trust the kernel to actually uphold its required duties in the face of adversaries. This is why folks push heavily for microkernels. Chrome needs to work incredibly hard to provide reliable sandboxing as a result.

[realityfactchex]

> user permissions/groups never come into the sandboxing discussions

Sometimes *nix user accounts for AI agent sandboxing does come up in discussions. At [0], HN user netcoyote linked to his sandvault tool [1], which "sandboxes AI agents in a MacOS limited user account".

Actually seems like a great idea IMO, to be lightweight, generic, and robust-enough.

[0] https://news.ycombinator.com/item?id=46760777

[1] https://github.com/webcoyote/sandvault

[srcreigh]

It shouldn’t come up because it’s not sufficient. How would systemd prevent local JavaScript code from sending DNS, http, webrtc network requests when it’s opened in the users browser?

[pjmlp]

Because that is actually UNIX user permissions/groups, with a long history of what works, and what doesn't?

[ape4]

cgroups are part of whats used to implement docker and podman

[ijustlovemath]

True, and they do indeed offer an additional layer of protection (but with some nontrivial costs). All (non-business killing) avenues should be used in pursuit of defense in depth when it comes to sandboxing. You could even throw a flatpak or firejail in, but that starts to degrade performance in noticeable ways (though I've found it's nice to strive for this in your CI).

[TingPing]

Namespaces are very lightweight though? Like single digit overhead.

[hendry]

Agreed! systemd nspawn is actually pretty awesome, though not many people use it.