Re: Capsicum and weak libc symbols

In reply to: Vinícius_dos_Santos_Oliveira : "Capsicum and weak libc symbols"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: David Chisnall <theraven_at_FreeBSD.org>
Date: Fri, 07 Feb 2025 12:00:43 UTC

On 7 Feb 2025, at 01:40, Vinícius dos Santos Oliveira <vini.ipsmaker@gmail.com> wrote:
> 
> I developed an easy-to-use Lua library that allows one to implement
> policies for libc functions that are interposed by my project[3][4]. I
> intend to use this library to implement IM clients (e.g. Telegram[6],
> nostr) that run media parsers and user-downloaded extensions within
> sandboxes. 

You might be interested in this:

https://github.com/microsoft/verona-sandbox

It uses capsicum on FreeBSD and seccomp-bpf to run libraries in sandboxes, with a nice programmer model (you can malloc memory in the library and free it in the parent and share objects between the two, for example).

David