Skip to content

Sandbox/jail build scripts #5720

Open
Open
Sandbox/jail build scripts#5720
Labels
A-build-scriptsArea: build.rs scriptsC-feature-requestCategory: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`S-needs-rfcStatus: Needs an RFC to make progress.
@ishitatsuyuki

Description

@ishitatsuyuki
ishitatsuyuki
opened on Jul 12, 2018

Build scripts has too much capabilities than it would actually need. As a security measure, it may be good to perform some kind of sandboxing for them.

Things we could be restricting:

  • Act as the nobody user, disallowing read of private files, or deletion of important files.
  • Disable networking (with some way to opt out).

Strategy we could take:

  • Just use some existing mechanism (changing user) to downgrade privileges. Is this possible?
  • LD_PRELOAD and hook libc, which is what Gentoo use. Possible to bypass. Availability on Windows: possible, but probably harder than Linux.
  • Full sandboxing with gVisor. Safe, but doesn't work for Windows indeed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-build-scriptsArea: build.rs scriptsC-feature-requestCategory: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`S-needs-rfcStatus: Needs an RFC to make progress.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions