My text. There I explain the basics of how to properly sandbox (discretionary privilege dropping) programs written using Emilua (the ASIO-based execution engine for Lua programs).
I've tried my best to make the text useful to programmers from any language, so the few Lua samples in the article are only there to illustrate the concepts. Some of the topics found in the article:
* UNIX basics focusing on Linux and FreeBSD.
* General sandboxing concepts and how to apply them in Linux and FreeBSD.
* The actor model and capability-based security (and how to combine them).
* Oblivious sandboxing to run/reuse unmodified code within sandboxes.
* Threat models.
* Seccomp, Landlock, Capsicum, ...
* A few guidelines for the C programmer.
I'm the author of this framework. Version 0.5 is under development right now and there are a few things I'd like to point out about the project's current state:
• I was developing an example Telegram client where components would run in sandboxes to dodge some attacks (such as the recent bug found in WebP, which is used for Telegram stickers).
• Creating sandboxes using Linux namespaces (available from emilua 0.4) proved to be too cumbersome.
• I'm developing support for new sandboxing technologies that I hope will be easier to use.
  • Landlock (Linux): already usable from branch 0.5.
  • Capsicum (FreeBSD): in development.
• The lack of an (emilua) ecosystem is a real problem for new (emilua) programs, so I'll develop something like <http://lua-users.org/wiki/LunaticPython> that also translates Python promises from Python3's asyncio to fiber suspension/wakeup in Lua land and customizes Python3's asyncio event loop to use the same Boost.Asio instances. This support will depend on <https://lwn.net/Articles/941090/>, as there would be one Python subinterpreter for each Lua VM.
• I plan to do something similar to the previous item for NodeJS as well.
• Version 0.5 is mostly ready and I expect a release by December. The focus of this release is refactoring stuff to make it easier to develop a package manager for emilua.