
Mbox – A lightweight sandboxing mechanism - chocolateboy
http://pdos.csail.mit.edu/mbox/
======
tsgates
I am the author of mbox. Since I got too many emails regarding mbox, here are
a few things to clarify.

      - naming: pkgfile mbox || echo looks like a good name
      - support: sorry, I don't have Mac or Windows.

I particularly like to use mbox for redirecting modification to another
directory. For example,

      $ mbox -- git checkout file

You can check out a file without overwriting the current file. You can imagine
tons of use cases in this vein. Of course, blocking networks, restricting
accesses of other directories, and rootless pkg installations are cute.
However, to be a mature tool, I have to admit that there is lots of
engineering work left -- support of 32-bit .. compatibility layers .. still
lots of corner cases.

~~~
riquito
"pkgfile jpeg" || echo looks like a good name. Maybe not.

(I don't have pkgfile but I think the above command would echo the string). I
do understand that naming a program is every day harder, but mbox is a really
famous format, the de facto standard for storing e-mails. Please consider a
different name for your impressive program.

------
tghw
Seems like poor naming, what with the mbox file format(s).

~~~
mdpane
And in the music community, the Mbox is a popular sound interface for Pro
Tools.

~~~
iamdave
That's exactly what I thought this was from the title; I thought MIT had
obtained a license or somesuch.

------
oscargrouch
>At the end of program execution, the user can examine changes in the sandbox
filesystem, and selectively commit them back to the host filesystem.

This is a cool idea.

------
jlgaddis
Out of curiosity, why choose for the name a term that has been around for
nearly 40 years and is associated with something very different?

------
nl
Hmm. Seems _very_ secure.. I can't run anything.

      ./configure
      make
      ./mbox ls

      Stop executing pid=20987: It's not allowed to call mmap on 0x400000

Same error no matter what executable I try. I'm assuming that isn't by design?

~~~
joshbaptiste
Same here regardless of the binary on two different Fedora/Debian nodes ..

~~~
nl
Ubuntu 12.04 here.

------
rjzzleep
interesting, i agree with the bad choice of nomenclature though.

I wonder how hard it would be to port it to dtrace (also dtrace would defeat
the not needing root requirement).

although macs already include a sandbox[1] i find it everything but intuitive
to use. it's already ridiculously complicated to set up. see ironfox as
reference [2]. since you have to allow all sorts of mach port process
execution pasteboard mach port access, etc.

check this app, which is allowed to play music and access the clipboard, but
not access the internet. [3]

[1]
[https://developer.apple.com/library/mac/documentation/Darwin...](https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/sandbox-exec.1.html)

[2]
[https://www.romab.com/ironfox/IronFox-1.5-beta.dmg](https://www.romab.com/ironfox/IronFox-1.5-beta.dmg)

[3]
[https://gist.github.com/03a481b6d39912b33d52](https://gist.github.com/03a481b6d39912b33d52)

~~~
justincormack
Can dtrace do sandboxing the way ptrace can? I didn't think it could.

~~~
comex
It would probably be possible using destructive actions (e.g. use raise() to
kill the process if it tries to do something bad). It would require root and
not be easier than using OS X's built-in sandbox (i.e. if you need to allow
access to some Mach services for some APIs to work, that still needs to happen
regardless of what you're using to sandbox), but it could potentially be more
secure, as OS X doesn't otherwise support limiting syscalls to a small set
like seccomp on Linux.

------
zimbatm
It would be interesting to run a benchmark. My impression is that ptrace
interceptions would add a significant overhead but I can be wrong. Still, it
looks like a great project.

Alternatively they could use unshare and aufs to overlay another filesystem on
top of a read-only root.

~~~
agwa
This is addressed in the paper. Performance overhead is in the ballpark of
10-20%. They are able to improve on the performance of a purely ptrace-based
sandbox by using seccomp to ensure that only the syscalls that need to be
intercepted are sent to ptrace.

The benefit mbox has over unshare+aufs is that mbox doesn't require root
privileges.
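
The seccomp/ptrace split agwa describes, as an added example that is not taken from mbox's source: a classic-BPF filter that returns SECCOMP_RET_TRACE only for a handful of path-taking syscalls (so only those stop in the ptrace tracer) and SECCOMP_RET_ALLOW for everything else, plus a small interpreter to check its verdicts without installing it. The syscall list, the hard-coded x86-64 ABI check and the function names are my assumptions, not mbox's.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

/* Only syscalls taking a path need rewriting, so only these stop in the ptrace
 * tracer. Illustrative subset present on every Linux ABI, not mbox's own list. */
static const int traced[] = { __NR_openat, __NR_unlinkat, __NR_mkdirat,
                              __NR_linkat, __NR_fchmodat };
#define NTRACED ((int)(sizeof traced / sizeof traced[0]))
#define MAXINSN (5 + 2 * NTRACED)
#define EMIT(insn) (prog[n++] = (struct sock_filter)insn)

/* Emit the classic-BPF program into prog; returns the instruction count. */
int build_filter(struct sock_filter *prog) {
    int n = 0;  /* ABI check comes first: i386 syscall numbers differ from x86-64 */
    EMIT(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    EMIT(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0));
    EMIT(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));
    EMIT(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
    for (int i = 0; i < NTRACED; i++) {      /* matched nr: hand to the tracer */
        EMIT(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, traced[i], 0, 1));
        EMIT(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE));
    }
    EMIT(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));  /* fast path: no stop */
    return n;
}

/* Tiny interpreter for the three instruction forms used above, so a verdict can
 * be checked without installing the filter in this process. */
uint32_t run_filter(const struct sock_filter *p, int len, const struct seccomp_data *d) {
    uint32_t acc = 0;
    for (int pc = 0; pc < len; pc++) {
        switch (BPF_CLASS(p[pc].code)) {
        case BPF_LD:  memcpy(&acc, (const char *)d + p[pc].k, sizeof acc); break;
        case BPF_JMP: pc += (acc == p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case BPF_RET: return p[pc].k;
        }
    }
    return SECCOMP_RET_KILL;  /* ran off the end: fail closed */
}

uint32_t decide(uint32_t arch, int nr) {  /* kernel's verdict for nr under ABI arch */
    struct sock_filter prog[MAXINSN];
    struct seccomp_data d = { .nr = nr, .arch = arch };
    return run_filter(prog, build_filter(prog), &d);
}
```

To install it for real, the tracee wraps the program in a struct sock_fprog and calls prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) followed by prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog), but only after the tracer has attached: a SECCOMP_RET_TRACE verdict with no tracer present makes the syscall fail with ENOSYS.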

------
skeoh
Sandboxie ([http://www.sandboxie.com/](http://www.sandboxie.com/)) is a
similar tool for Windows.

~~~
anemic
I love sandboxie but an open source solution would be really nice to have.

------
alrs
        apt-cache search mbox | wc -l
        82

Ouch. How disconnected from the real world can academics get?

~~~
jamesaguilar
No more disconnected than the 82nd non-academic who named a program mbox.

~~~
gwern
'Disconnected'?

       $ apt-cache search mbox | tail -1
       libetpan16 - mail handling library

Looks pretty connected to me.

~~~
jamesaguilar
Gah. Well, apply it to the first library named mbox that is not actually
related to the mbox file format. My only point is that there are a lot of
things called mbox. I don't see why we're singling out academics for
criticism. People overload good names.

~~~
blueskin_
The first person to make something mbox that wasn't the format is the main
culprit, but people after him are certainly not blameless either.

------
aabalkan
Does this have anything to do with Linux containers (lxc)?

~~~
tptacek
Not really; mbox uses seccomp-bpf to filter system calls, from userland, using
unprivileged users. A very ambitious project to build on top of mbox might be
an even lighter-weight Docker-alike using userland system call interposition
instead of Linux containers.

~~~
mbreese
I'm calling it now - such a project should be called "Mocker".

Actually, this is really a good idea. I hadn't realized that non-root users
can't start their own Docker images, which I think could be a killer
application. Perhaps if the overhead from something like Mbox is low enough,
this could be feasible. As it is, I'm not sure I'm willing to fork over the
extra ~20% overhead, just to have my applications running in a sandbox, but
this could be a good method to distribute complete environments.

~~~
annnnd
For some applications I would be more than willing to accept 20% overhead in
exchange for perfect security. Still better than setting up dummy virtual
boxes.

~~~
justincormack
Not sure it is perfect security. There are race conditions with ptrace
sandboxes. Have not read the paper yet to see if they mitigate somehow with
seccomp.

------
blueskin_
...because this _really_ won't conflict with the obsolete email storage
format, right?

------
justinsb
Kudos to the authors for releasing their source code on github. The code may
have some rough edges at the moment, but putting it on Github is a great way
to encourage collaboration / improvements, and can only encourage greater
adoption of their ideas.

------
Scaevolus
Slides end with a few questions:

> Why 20% on tar? just rewriting path arguments doesn't seem to be demanding
> work.

Is most of that the overhead from syscalls being filtered by seccomp/BPF?

------
bullfight
Definitely looking forward to seeing this progress. It certainly seems to fill
a void especially in a world where it is quite common to share command line
tools as seen earlier today in the post about "hr for your terminal"

[https://news.ycombinator.com/item?id=7213347](https://news.ycombinator.com/item?id=7213347)

------
zobzu
[http://fakeroot.alioth.debian.org/](http://fakeroot.alioth.debian.org/)

~~~
mjn
If you want to provide a redirected environment for a presumptively non-
malicious process, fakeroot works fine. It's not a secure sandbox, though,
because it's based on intercepting system calls with LD_PRELOAD, and a process
that wishes to can avoid being intercepted in that manner, since it's just
enforced by the shared-library loader. So processes that are statically
linked, or that have direct syscalls compiled in, will bypass the LD_PRELOAD
replacements. The seccomp mechanism, by contrast, is enforced by the kernel.

~~~
zobzu
the point is that mbox only uses seccomp with -s and most of it (i.e. the rest)
is what fakeroot does already.

------
Lazare
Very cool project; really terrible name.

------
daxelrod
The mechanism seems similar to PRoot ( [http://proot.me/](http://proot.me/) )
which uses ptrace to intercept filesystem operations to create a userspace
chroot.

I wonder if there's value in creating a library for intercepting filesystem
operations via ptrace...

------
mrfusion
Would this work well for sandboxing python? I want to allow users some light
scripting to manipulate their data.

------
koenigdavidmj
I'm guessing that this only works with dynamically linked binaries, similar to
LD_PRELOAD-based solutions?

~~~
wmf
I don't see why; seccomp should work on any kind of process.

------
foobarqux
I have been waiting for an app that does this for a long time.

Too bad both the deb link and makefile are broken.

------
agumonkey
Some people still run on 32-bit machines. Time to git clone and make*.

post clone update: no i686 support.

------
mrich
I like it!

