↳
In-reply-to
»
(#2xx4mbq) Looks like here’s something wrong with Markdown parsing. 🤔 The original twt looks like this:
⤋ Read More
@movq@www.uninformativ.de it is.
↳
In-reply-to
»
PSA:
⤋ Read More
setpriv on Linux supports Landlock.
@movq@www.uninformativ.de That’s really cool! I wanted to experiment with Landlock in tt as well. But other than just thinking about it, nothing really happened.
Depending on the available Landlock ABI version your kernel supports, you might even restrict connect(…) calls to ports 80, 443 and maybe whatever else has been configured in the subscription list.
A mate visted me and we went on a few hours long hike. We came across a mythical creature in its natural habitat:
↳
In-reply-to
»
PSA:
⤋ Read More
setpriv on Linux supports Landlock.
@prologic@twtxt.net Yeah, it’s not a strong sandbox in jenny’s case, it could still read my SSH private key (in case of an exploit of some sort). But I still like it.
I think my main takeaway is this: Knowing that technologies like Landlock/pledge/unveil exist and knowing that they are very easy to use, will probably nudge me into writing software differently in the future.
jenny was never meant to be sandboxed, so it can’t make great use of it. Future software might be different.
(And this is finally a strong argument for static linking.)
Looks like here’s something wrong with Markdown parsing. 🤔 The original twt looks like this:
>This extension was turned off because it is no longer supported
Thanks Google.
This browser was uninstalled because it absolutely sucks!
So only the first line should be a quote.
↳
In-reply-to
»
PSA:
⤋ Read More
setpriv on Linux supports Landlock.
Landlock is still young and a bit unpolished, but it’s slowly getting more popular. 🥳
↳
In-reply-to
»
PSA:
⤋ Read More
setpriv on Linux supports Landlock.
Another example:
$ setpriv \
--landlock-access fs \
--landlock-rule path-beneath:execute,read-file:/bin/ls-static \
--landlock-rule path-beneath:read-dir:/tmp \
/bin/ls-static /tmp/tmp/xorg.atom
The first argument --landlock-access fs says that nothing is allowed.
--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).
--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.
The output of the ls-static program is this line:
─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom
It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.
3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.
Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:
─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom
PSA: setpriv on Linux supports Landlock.
If this twt goes through, then restricting the filesystem so that jenny can only write to ~/Mail/twt, ~/www/twtxt.txt, ~/.jenny-cache, and /tmp works.