BSDCan2017 - 0722

BSDCan 2017
The Technical BSD Conference

Stephen Herwig
Day Talks #2 - 10 June - 2017-06-10
Room DMS 1120
Start time 14:45
Duration 01:00
ID 835
Event type Lecture
Track Security
Language used for presentation English

secmodel_sandbox: An application sandbox for NetBSD

We introduce a new security model for NetBSD -- secmodel_sandbox -- that allows per-process policies for restricting privileges. Privileges correspond to kauth authorization requests, such as a request to create a socket or read a file, and policies specify the sandbox's decision: deny, defer, or allow.

Processes may apply multiple sandbox policies to themselves, in which case the policies stack, and child processes inherit their parent's sandbox. Sandbox policies are expressed in Lua, and the evaluation of policies uses NetBSD 7's experimental in-kernel Lua interpreter. As such, policies may express staticauthorization decisions, or may register Lua functions that secmodel_sandbox invokes for a decision.