namecoin / sockstrace

Go port of Heteronculous (ptrace-based proxy leak detector). Outreachy project.
https://www.namecoin.org/
GNU General Public License v3.0
7 stars 3 forks source link

Implement a Linux Namespaces wrapper #70

Open JeremyRand opened 10 months ago

JeremyRand commented 10 months ago

As @adrelanos suggested on the Whonix forum, it would be desirable to implement a Linux Namespaces wrapper for Horklump, so that even if a malicious tracee escapes from the ptrace sandbox, it still won't be able to bypass the proxy.

(This is not a replacement for ptrace, just a defense-in-depth tactic.)

JeremyRand commented 1 week ago

It sounds like @handpickencounter has some code sitting around for this purpose?

They also said:

suggestion - simply unshare the network namepsace (no interfaces, no listening ports) so no need to block any packets. utilize tor's ability to create unix domain sockets for socks5 listeners.

handpickencounter commented 1 week ago

You can do

unshare --net -- socktrace ... -- app

The way I usually do it is with a more comprehensive setup for bwrap (bubblewrap) and unshare more things, apply seccomp, private writable /home dir etc