FSSB - Filesystem Sandbox for Linux
What is FSSB?
FSSB is a sandbox for your filesystem. With it, you can run any program and be assured that none of your files are modified in any way. However, the program will not know this - every change it attempts to make will be made safely in a sandbox while still allowing it to read existing files. This includes creating, modifying, renaming, and deleting files.
The applications are endless:
- Run arbitrary binaries that you don't trust safely (maybe you downloaded it from the internet).
- FSSB provides a safe, repeatable environment for programs. This can be useful for debugging programs.
- Make dry runs to see how a program behaves keeping your files intact. You can see exactly what changes the program made.
Please note that FSSB is still in alpha. Check out the
Contributing section if you'd like to contribute.
FSSB is a very lightweight application. It doesn't require too many dependencies. On most systems, you only need to install the
openssl C library. And then, you can run:
to generate a binary
FSSB is designed with simplicity in mind. Just do:
$ ./fssb -- <program> <args>
to run the program in a safe, dependable, sandboxed environment.
For example, say we have a Python program
with open("new_file", "w") as f: # create a new file in the current directory f.write("Hello world!") # write something with open("new_file", "r") as f: # read the same file later on print(f.read()) # print the contents to console
python program.py would result in a file:
$ python program.py Hello world!
This, of course, would have created a file:
$ cat new_file Hello world!
However, if you run it wrapped around FSSB:
$ ./fssb -m -- python program.py Hello world! fssb: child exited with 0 fssb: sandbox directory: /tmp/fssb-1 + 25fa8325e4e0eb8180445e42558e60bd = new_file
you'll see that there's no file created:
$ cat new_file cat: new_file: No such file or directory
Instead, the file is actually created in a sandbox:
$ cat /tmp/fssb-1/25fa8325e4e0eb8180445e42558e60bd Hello world!
And the best part is, the running child program doesn't even know about it!
You can run
./fssb -h to see more options.
Neat. How does this work?
In Linux, every program's every operation (well, not every operation; most) is actually made through something called a system call - or syscall for short. The
open command in Python is actually a
fopen command written in C a layer below, which is actually a syscall called
open (this is wrapped by
FSSB intercepts these syscalls before they are actually performed. For example just before the
open syscall is performed, the program is stopped. Now, each of these syscalls have arguments. For example, a
fopen("new_file", "w") in C may actually look like:
open("new_file", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
The first argument is the filename, the second are the flags, the third is the mode. To learn more about these, run
man -s 2 open.
Each syscall can have at most 6 arguments - these map to six CPU registers, each of which hold a value. In the above example, just before the
open syscall is executed, the first register holds a memory address pointing to a string
Anyway, just before the syscall is executed, FSSB switches the string to something else - to a filename in the sandbox. And then lets the syscall go on. To the CPU, you basically asked to create a file in the sandbox. So it does.
Then just after the syscall finishes (after the file is created), FSSB switches the value to its original value. Now, syscalls are pretty low-level. And we're operating on either sides of a syscall - just before and after its execution. So the program has no way of knowing that the file was actually created in the sandbox. Every subsequent operation is actually performed on the sandbox file.
Contributing to the FSSB project
This is still in its alpha stage. There are so many syscalls - at the moment, there's support for sandboxing of:
- creating new files
- modifying existing files
- deleting files
- renaming files
- reading files
There's still a lot of stuff to do. And I'd really appreciate help over here. I've tried to make the code very readable with looots of comments and documentation for what each thing does.
And of course, I've only implemented this for my x86_64 linux system. I'd greatly appreciate any help if someone could make this portable to other archs (please take a look at the
syscalls.h file for this).
FSSB - Filesystem Sandbox for Linux Copyright (C) 2016 Adhityaa Chandrasekar This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
See the LICENSE file for more details.