From 4782c2b8e6d9cf4c75612c444760060d0a103da3 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Fri, 1 Jul 2016 22:20:47 +0200 Subject: executor: revive setuid sandbox The new namespace-based sanboxing is good, but it's not always what one wants (and also requires special kernel configs). Change dropprivs config value to sandbox, which can have different values (currently: none, setuid, namespace). Setuid mode uses setuid(nobody) before fuzzing as before. In future we can add more sandboxing modes or, say, extend -sandbox=setuid to -sandbox=setuid:johndoe to impersonolate into given user. --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 7f6dd03d9..976345adb 100644 --- a/README.md +++ b/README.md @@ -97,9 +97,12 @@ following keys in its top-level object: the virtual machine. - `cpu`: Number of CPUs to simulate in the VM (*not currently used*). - `mem`: Amount of memory (in MiB) for the VM; this is passed as the `-m` option to `qemu-system-x86_64`. - - `dropprivs` : Whether the executor program should try to use namespaces to drop privileges - before executing (requires a kernel built with `CONFIG_NAMESPACES`, `CONFIG_UTS_NS`, - `CONFIG_USER_NS`, `CONFIG_PID_NS` and `CONFIG_NET_NS`). + - `sandbox` : Sandboxing mode, one of "none", "setuid", "namespace". + "none": don't do anything special (has false positives, e.g. due to killing init) + "setuid": impersonate into user nobody (65534), default + "namespace": use namespaces to drop privileges, + (requires a kernel built with `CONFIG_NAMESPACES`, `CONFIG_UTS_NS`, + `CONFIG_USER_NS`, `CONFIG_PID_NS` and `CONFIG_NET_NS`). - `enable_syscalls`: List of syscalls to test (optional). - `disable_syscalls`: List of system calls that should be treated as disabled (optional). - `suppressions`: List of regexps for known bugs. -- cgit mrf-deployment
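Review bot: the three mode descriptions added under the new `sandbox` key ("none": ..., "setuid": ..., "namespace": ...) are plain continuation lines with no list marker and uneven indentation, so Markdown renders them as one run-on paragraph inside the `sandbox` bullet; make each mode a nested list item, e.g. `- "none": don't do anything special (has false positives, e.g. due to killing init)`, and give the `namespace` item its kernel-config parenthetical on the same nesting level. Two documentation gaps in the same hunk: the `dropprivs` key is deleted without saying what a config that still sets it does now (rejected, ignored, or treated as `sandbox: namespace`), and the "setuid" entry says the executor impersonates user nobody (65534) but not whether the group IDs are dropped as well, which is what a reader weighing it against the namespace mode needs to judge the privilege boundary. Finally, "none" is documented as having false positives while "setuid" is marked default; stating that "none" runs the fuzzer with the executor's full privileges in the VM would make the trade-off explicit rather than implied.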