A tiny "sandbox" to run untrusted code 🏖️

Overview

Sandy

A tiny sandbox to run untrusted code. 🏖️

Sandy uses ptrace to hook READ syscalls, giving you the option to accept or deny each syscall before it is executed.

WARNING: While sandy is able to intercept READ syscalls, there are a variety of ways to get around this. Full details can be found in the Hacker News thread. Some of these can be patched to catch simple attacks, but you should use sandy with the expectation that it is better than nothing, not true isolation.

Usage

Usage of ./sandy:

  sandy [FLAGS] command

  flags:
    -h	Print Usage.
    -n value
        A glob pattern for automatically blocking file reads.
    -y value
        A glob pattern for automatically allowing file reads.

Use cases

You want to install anything

> sandy -n "/etc/password.txt" npm install sketchy-module

  BLOCKED READ on /etc/password.txt
> sandy -n "/etc/password.txt" bash <(curl https://danger.zone/install.sh)

  BLOCKED READ on /etc/password.txt

You are interested in what file reads your favourite program makes.

Sure, you could use strace, but it only shows you file descriptors; sandy makes this much easier to follow at a glance by printing the absolute path behind the fd.

> sandy ls
Wanting to READ /usr/lib/x86_64-linux-gnu/libselinux.so.1 [y/n]

You don't want to buy your friends beer

A friend at work knows that you are security conscious and that you keep a /free-beer.bounty file in your home directory. With the promise of a round of drinks and office-wide humiliation, Dave tries to trick you with a malicious script under the guise of being a helpful colleague.

You run their script with sandy and catch him red-handed.

> sandy -n *.bounty bash ./dickhead-daves-script.sh

  BLOCKED READ on /free-beer.bounty

NOTE: It's definitely a better idea to encrypt all your sensitive data, sandy should probably only be used when that is inconvenient or impractical.

NOTE: I haven't made any effort for cross-platform compatibility, so it currently only works on Linux. I'd happily accept patches to improve portability.
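The mechanism the overview describes, as an added example in Go that is not sandy's own source: a tracer that starts the command with `Ptrace: true`, stops at every syscall boundary, resolves the fd of each read(2) to a path through /proc, and turns a read on a path matched by the `-n` glob into an EPERM failure for the child. The names (`trace`, `blockedBy`, `fdPath`), the x86_64 register layout, and matching the glob against the base name as well as the full path (so that the `*.bounty` example above works) are assumptions made here, not taken from sandy.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"runtime"
	"syscall"
)

// blockedBy matches each -n glob against the full path and, an assumption made here
// so that "*.bounty" catches "/free-beer.bounty", against its base name.
func blockedBy(globs []string, path string) bool {
	for _, g := range globs {
		full, _ := filepath.Match(g, path)
		base, _ := filepath.Match(g, filepath.Base(path))
		if full || base {
			return true
		}
	}
	return false
}

// fdPath maps an fd of the traced process to a path via /proc (strace shows the number).
func fdPath(pid, fd int) string {
	if p, err := os.Readlink(fmt.Sprintf("/proc/%d/fd/%d", pid, fd)); err == nil {
		return p
	}
	return fmt.Sprintf("fd:%d", fd)
}

// trace (an added example, not sandy's code) runs argv under ptrace and stops at
// every syscall boundary; x86_64 register names are assumed. A read(2) on a blocked
// path is skipped: its number becomes -1 at the enter stop and its result -EPERM at
// the exit stop, so the child sees a failed read rather than the file's bytes.
func trace(globs, argv []string) (int, error) {
	runtime.LockOSThread() // ptrace requests must come from the attaching thread
	cmd := exec.Command(argv[0], argv[1:]...)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	cmd.SysProcAttr = &syscall.SysProcAttr{Ptrace: true}
	if err := cmd.Start(); err != nil {
		return -1, err
	}
	pid, ws := cmd.Process.Pid, syscall.WaitStatus(0)
	_, err := syscall.Wait4(pid, &ws, 0, nil) // the post-execve SIGTRAP stop
	if err == nil { // tag syscall stops with 0x80 to tell them from real SIGTRAPs
		err = syscall.PtraceSetOptions(pid, syscall.PTRACE_O_TRACESYSGOOD)
	}
	entering, blocked, sig := false, false, 0
	for err == nil {
		if err = syscall.PtraceSyscall(pid, sig); err != nil {
			break
		}
		if _, err = syscall.Wait4(pid, &ws, 0, nil); err != nil {
			break
		}
		if ws.Exited() || ws.Signaled() {
			return ws.ExitStatus(), nil // -1 when killed by a signal
		}
		if sig = int(ws.StopSignal()); sig != int(syscall.SIGTRAP|0x80) {
			if sig < 0 { // Go reports a SIGSTOP stop as !Stopped(); pass it through
				sig = int(syscall.SIGSTOP)
			}
			continue // plain signal stop: deliver the signal and carry on
		}
		sig = 0
		var regs syscall.PtraceRegs
		if err = syscall.PtraceGetRegs(pid, &regs); err != nil {
			break
		}
		if entering = !entering; entering && regs.Orig_rax == syscall.SYS_READ {
			path := fdPath(pid, int(regs.Rdi))
			if blocked = blockedBy(globs, path); blocked {
				fmt.Fprintf(os.Stderr, "  BLOCKED READ on %s\n", path)
				regs.Orig_rax = ^uint64(0) // -1: the kernel skips the call
			}
		} else if entering {
			blocked = false
		} else if blocked {
			regs.Rax = ^uint64(syscall.EPERM) + 1 // -EPERM in two's complement
		}
		if blocked {
			err = syscall.PtraceSetRegs(pid, &regs)
		}
	}
	return -1, err
}

func main() { // usage: sandy -n GLOB command [args...]
	if len(os.Args) < 4 || os.Args[1] != "-n" {
		fmt.Fprintln(os.Stderr, "usage: sandy -n glob command [args...]")
		os.Exit(2)
	}
	code, err := trace([]string{os.Args[2]}, os.Args[3:])
	if err != nil {
		fmt.Fprintln(os.Stderr, "sandy:", err)
	}
	os.Exit(code) // -1 (255) on tracer error or signal death
}
```

Build it with `go build` and run it as `./sandy -n '*.bounty' bash ./script.sh`; the child's exit status is passed through. The limitations listed in sandy's issues apply to this example just as much: only read(2) is intercepted (readv is not), threads and child processes are not followed, and the /proc lookup happens before the kernel runs the syscall, so the path you checked and the fd the kernel reads can differ (TOCTOU); seccomp user-space notifications are the usual way to close that race.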

Issues
  • Friendlier message when running without arguments

    Very nice little tool, congrats on the first release.

    Running without arguments currently panics.

    $ ./sandy
    panic: runtime error: slice bounds out of range [1:0]
    
    goroutine 1 [running]:
    main.main()
            /home/hobochild/Code/go/src/github.com/hobochild/sandy/sandy.go:167 +0x3af
    
    opened by DannyBen 0
  • error handling and dead code

    The error is ignored here: https://github.com/hobochild/sandy/blob/66b0f7bfd3ae1c2089bcb58f90cd9107892ae895/sandy.go#L54

    Dead code:

    1. Error is always nil here. https://github.com/hobochild/sandy/blob/66b0f7bfd3ae1c2089bcb58f90cd9107892ae895/sandy.go#L83

    2. Error is always nil here as well. https://github.com/hobochild/sandy/blob/66b0f7bfd3ae1c2089bcb58f90cd9107892ae895/sandy.go#L97

    Unchecked Error: https://github.com/hobochild/sandy/blob/66b0f7bfd3ae1c2089bcb58f90cd9107892ae895/sandy.go#L104

    The error should also be printed in the testcases: https://github.com/hobochild/sandy/blob/66b0f7bfd3ae1c2089bcb58f90cd9107892ae895/sandy_test.go#L16

    opened by pallavJha 0
  • update usage handler and handle no args

    The PR:
    - updates the usage handler
    - adds example input for -n and -y flags

    $ ./sandy 
    Usage: ./sandy [OPTIONS] command
      -h	Print Usage.
      -n value
        	A glob pattern for automatically blocking file reads.
        	For example, "/etc/password.txt" or "*.txt".
      -y value
        	A glob pattern for automatically allowing file reads.
        	Expected format is same as -n.
    
    $ ./sandy -h
    Usage: ./sandy [OPTIONS] command
      -h	Print Usage.
      -n value
        	A glob pattern for automatically blocking file reads.
        	For example, "/etc/password.txt" or "*.txt".
      -y value
        	A glob pattern for automatically allowing file reads.
        	Expected format is same as -n.
    

    Fixes #1

    opened by pallavJha 0
  • Seccomp rewrite

    Looks like seccomp supports user-space notifications, with which you can intercept the system call and return a response without the TOCTOU attacks. But we will need to patch golang-seccomp and make sure people have the newer seccomp lib installed.

    opened by hobochild 0
  • Follow child procs and threads

    Not sure if all of this is possible, but we should try to cover all syscalls spawned from the child process.

    opened by hobochild 0
  • Block on READV too.

    Currently we just block READ calls; we should cover these too.

    opened by hobochild 0
Releases: 0.1.0
Owner
Craig Mulligan
Don't believe in god or semi-colons.