Commit 512ef0a
fix: Implement proper sandbox enforcement with corrected Landlock
Based on security findings from @aecs4u (PR #21), with critical Landlock fix.
## Security Issues Fixed
1. **PathValidation was no-op** — now properly validates against deny lists
2. **Background commands bypassed sandbox** — now wrapped before spawning
3. **Landlock semantics were inverted** — CRITICAL: original code would ALLOW credentials instead of denying them
## Landlock Fix (the critical change)
The original implementation misunderstood Landlock's security model. Landlock
is ALLOWLIST-based: you specify what IS allowed, everything else is denied.
The fix:
- Allow system paths: /usr, /lib, /bin, /etc, /proc, /sys, /dev (read)
- Allow temp paths: /tmp, /var/tmp (read+write)
- Allow workspace (full access)
- Credentials denied BY OMISSION (not in allowlist = denied)
## Changes (cherry-picked from PR #21, sandbox commits only)
- src/sandbox.rs: Complete sandbox implementation with corrected Landlock
- docs/SANDBOX.md: Comprehensive documentation
- tests/sandbox_enforcement.rs: Integration tests
## Attribution
Security finding and initial implementation by @aecs4u.
Landlock semantics fix reviewed against Landlock API docs.
Closes #22
Supersedes #21
1 parent 437268b
commit 512ef0a
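The allowlist model the commit message describes, as an added example that is not part of this commit or of src/sandbox.rs: a userspace model of how a Landlock ruleset decides an access. Rights are granted by rules covering the path or one of its ancestors, and any path with no covering rule is denied by omission, which is what keeps credential files out of reach without ever naming them. The access bit values, the `Policy`/`Rule` types and the workspace path are assumptions for illustration; the real enforcement is done by the kernel after the ruleset is applied. "read" follows the commit message's usage and is modeled as read + list + execute, since executing `/usr/bin/*` needs an execute right too.

```rust
use std::path::{Component, Path, PathBuf};

/// Subset of Landlock's filesystem access rights. The bit values are
/// illustrative (assumption), not the LANDLOCK_ACCESS_FS_* constants.
pub const EXECUTE: u32 = 1 << 0;
pub const WRITE_FILE: u32 = 1 << 1;
pub const READ_FILE: u32 = 1 << 2;
pub const READ_DIR: u32 = 1 << 3;
pub const MAKE_REG: u32 = 1 << 4;
pub const REMOVE_FILE: u32 = 1 << 5;
/// "read" as the commit message uses it: read files, list dirs, execute.
pub const READ: u32 = EXECUTE | READ_FILE | READ_DIR;
pub const WRITE: u32 = WRITE_FILE | MAKE_REG | REMOVE_FILE;
pub const ALL: u32 = READ | WRITE;

/// One allowlist entry: everything beneath `beneath` gets `access`.
pub struct Rule {
    pub beneath: PathBuf,
    pub access: u32,
}

/// A single ruleset layer. There is no deny list: absence of a rule is the denial.
pub struct Policy {
    rules: Vec<Rule>,
}

impl Policy {
    /// The allowlist described in the commit message (workspace path is an assumption).
    pub fn sandbox(workspace: &str) -> Policy {
        let mut rules = Vec::new();
        for p in ["/usr", "/lib", "/bin", "/etc", "/proc", "/sys", "/dev"] {
            rules.push(Rule { beneath: PathBuf::from(p), access: READ });
        }
        for p in ["/tmp", "/var/tmp"] {
            rules.push(Rule { beneath: PathBuf::from(p), access: READ | WRITE });
        }
        rules.push(Rule { beneath: PathBuf::from(workspace), access: ALL });
        Policy { rules }
    }

    /// Rights granted to `path`: the union of every rule whose root is the path
    /// itself or an ancestor. No covering rule means 0, i.e. denied by omission.
    pub fn granted(&self, path: &str) -> u32 {
        let target = lexical_normalize(Path::new(path));
        self.rules
            .iter()
            // Path::starts_with is component-wise: "/usrx" is NOT beneath "/usr".
            .filter(|r| target.starts_with(&r.beneath))
            .fold(0, |acc, r| acc | r.access)
    }

    /// Allowed only if every requested bit is granted.
    pub fn allows(&self, path: &str, requested: u32) -> bool {
        requested != 0 && requested & !self.granted(path) == 0
    }
}

/// Collapse `.` and `..` lexically so "/tmp/../root/.ssh" is judged as "/root/.ssh".
/// The kernel checks the real object (symlinks included); a userspace validator
/// must canonicalize before comparing, or `..` walks straight out of the allowlist.
fn lexical_normalize(p: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for c in p.components() {
        match c {
            Component::ParentDir => {
                out.pop(); // pop on "/" is a no-op, so you cannot climb above root
            }
            Component::CurDir => {}
            other => out.push(other.as_os_str()),
        }
    }
    out
}

fn main() {
    let policy = Policy::sandbox("/home/dev/project");
    for (path, req) in [
        ("/usr/bin/ls", EXECUTE | READ_FILE),
        ("/usr/bin/ls", WRITE_FILE),
        ("/home/dev/.aws/credentials", READ_FILE),
        ("/tmp/../root/.ssh/id_ed25519", READ_FILE),
        ("/tmp/build/out.o", MAKE_REG | WRITE_FILE),
        ("/home/dev/project/src/main.rs", ALL),
    ] {
        println!("{path:<36} req={req:06b} -> {}", policy.allows(path, req));
    }
}
```

The decision rule is the whole point of the fix: a deny list has to enumerate every credential location on every machine, while the allowlist above denies `~/.aws`, `~/.ssh`, `~/.config/gh` and anything else simply because no rule covers them. Note that rules on nested directories accumulate, so granting `/home/dev/project` full access while `/home/dev` is unlisted is fine, but listing `/home/dev` with read access would silently expose the dotfiles beneath it.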
File tree
4 files changed, +1866 -34 lines changed
- docs
- src
- tests
Diff (one of the four changed files; file name and changed lines not shown on this page):
- hunk at lines 108-119: 6 lines added after line 110 (new lines 111-116)
- hunk at lines 126-140: lines 129-133 removed, replaced by 3 new lines (135-137)