teliva

History

Kartik K. Agaram 3964dd5f57 .		2021-12-25 07:34:51 -08:00
..
includes	stop futzing around and start sandboxing	2021-12-24 10:39:06 -08:00
README.md	.	2021-12-25 07:34:51 -08:00
system_includes	stop futzing around and start sandboxing	2021-12-24 10:39:06 -08:00
unique_system_includes	stop futzing around and start sandboxing	2021-12-24 10:39:06 -08:00

README.md

This directory includes some working notes to audit the entire Teliva codebase for side-effects that should be gated/sandboxed.

Founding principle for this approach: Side-effects come from the OS. There can be no effects visible outside a Unix process (regardless of language) if it doesn't invoke any OS syscalls.

Top down

Things to secure:

files opened (for read/write) on file system
what gets written to files on file system
destinations opened (for read/write) on network
- inet_tryconnect // socket_connect
- inet_tryaccept // socket_accept
what gets written to network
- socket_send, socket_sendto
- socket_recv, socket_recvfrom

Bottom up

includes: all #includes throughout the codebase. I assume that C the language itself can't invoke any syscalls without at least triggering warnings from the compiler.
```
cd src
grep '#include' * */* > ../sandboxing/includes
```
system_includes: all #include <...>s throughout the codebase. I assume side-effects require going outside the codebase. #includes could smuggle out of the codebase using relative paths (../) but I assume it's easy to protect against this using code review.
```
grep '<' sandboxing/includes > sandboxing/system_includes
```

unique_system_includes: deduped

sed 's/.*<\|>.*//g' sandboxing/system_includes |sort |uniq > sandboxing/unique_system_includes