Plash is an open source system utility for sandboxing Linux applications. Plash aims to downgrade the threats posed by executing untrusted programs by running them in a secure, restricted execution environment with the minimum authority and privileges they need to do their job.
Plash virtualizes the file name-space and provides per-sandboxed-process name-spaces. It locks the sandboxed processes in a very minimal chrooted environment and restricts access to the kernel-based system calls.
The sandboxed process accesses the filesystem by making remote procedure calls across a socket to a server process. Plash dynamically links sandboxed programs with a modified version of GNU libc (glibc), which replaces the filename-related calls (such as open()) so that they make RPCs across the socket instead of using the usual system calls.
Plash’s sandboxing mechanism works on unmodified Linux kernels - 2.6, 2.4 and earlier - and can run normal Linux executables, provided they are dynamically linked. Plash can be used to run servers, command line tools, and applications with graphical user interfaces.
Post a Comment
Contact
Have a hot hack? want to request a hack? let us know - editor [at] security-hacks.com
subscribe
Search
Latest Entries
- msramdmp: Dump RAM from a USB stick
- SWFIntruder: Are your Flash applications secure?
- Untidy: Python-based XML fuzzer
- Jailbreaking iPhone software v1.1.1
- Secure browsing with Squid and SSH
- Combat spam with Gmail aliases
- 5 Essential laptop security tips
- Email encryption with GPG and Mail.app
- Firefox: Disable suspicious JavaScript features
- aSSL: Add SSL to your Ajax application
Archives
