seccomp based sandbox.
Add a ptrace/seccomp based sandbox
This uses seccomp-bpf, so it is only supported on Linux. It likely only works on 64-bit platforms at the moment. It is activated with the option -dsafer.
The sandbox prohibits most system calls that can modify state. File manipulations are subject to the following policy:
- All file reads are allowed (this is hard to do otherwise; the numerous dependencies of LilyPond open all types of files)
- All writes in /tmp are allowed
- Writes to a limited number of file extensions are also allowed
While this is not foolproof, this is much safer than the old "-dsafe" mode. The "-dsafe" mode does a passable job of protecting inline Scheme from shenanigans directly. Unfortunately, there are many places where "unsafe" modules are still used. For example, all scopes are unsafe by default, so
xyz = \system
will store the 'system' Scheme function in a LilyPond variable. Creating an exploit is left to the reader as an exercise.
$ cat naughty.ly
#(system "id")
$ lilypond -dsafer naughty.ly
GNU LilyPond 2.21.5
Processing `naughty.ly'
Parsing...killing child due to prohibited syscall 13
$ cat naughty2.ly
#(open-file "naughty.zip" "w")
$ lilypond -dsafer naughty2.ly
GNU LilyPond 2.21.5
Processing `naughty2.ly'
Parsing...prohibited file access: syscall openat, file naughty.zip
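The following is an added example, not LilyPond's own sandbox code, showing the two halves of the mechanism the message describes: a seccomp-bpf filter that allows a small set of syscalls, hands open()/openat() to a ptrace parent and kills the process on anything else, and the parent's file-access policy (reads allowed, writes under /tmp allowed, writes elsewhere only for a short list of extensions) as a pure function. The syscall allowlist, the extension list and the x86-64-only arch check are assumptions made for this example; the ptrace parent that reads the path out of the child's registers is not shown.

```c
/* sandbox_policy.c: added example, not LilyPond's own code.
   Linux x86-64 only.  Build: gcc -Wall -o sandbox_policy sandbox_policy.c */
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS   /* pre-4.14 headers only know the per-thread kill */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Extensions writable outside /tmp.  This list is an assumption for the example. */
static const char *const writable_ext[] = { ".pdf", ".ps", ".png", ".midi", ".log", NULL };

static int has_suffix(const char *s, const char *suf)
{
    size_t ls = strlen(s), lf = strlen(suf);
    return ls >= lf && strcmp(s + ls - lf, suf) == 0;
}

/* Decision the tracing parent makes for one open()/openat() of `path` with
   `flags`.  Returns 1 to let the call through, 0 to deny it. */
int policy_allows(const char *path, int flags)
{
    int acc = flags & O_ACCMODE;
    int writes = acc == O_WRONLY || acc == O_RDWR || (flags & (O_CREAT | O_TRUNC));
    if (!writes)
        return 1;                       /* all reads are allowed */
    if (strstr(path, "..") != NULL)
        return 0;                       /* no escaping /tmp via "/tmp/../etc/..." */
    if (strncmp(path, "/tmp/", 5) == 0)
        return 1;                       /* all writes in /tmp are allowed */
    for (const char *const *e = writable_ext; *e; e++)
        if (has_suffix(path, *e))
            return 1;                   /* output formats the program produces */
    return 0;
}

#define ALLOW_NR(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
#define TRACE_NR(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE)

static struct sock_filter filter[] = {
    /* Refuse any other ABI: syscall numbers differ there. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    /* Allowlist (an assumption): compute, use already-open files, and exit. */
    ALLOW_NR(__NR_read), ALLOW_NR(__NR_write), ALLOW_NR(__NR_close),
    ALLOW_NR(__NR_fstat), ALLOW_NR(__NR_newfstatat), ALLOW_NR(__NR_lseek),
    ALLOW_NR(__NR_mmap), ALLOW_NR(__NR_munmap), ALLOW_NR(__NR_brk),
    ALLOW_NR(__NR_exit), ALLOW_NR(__NR_exit_group), ALLOW_NR(__NR_rt_sigreturn),
    /* Opens are decided by the ptrace parent via policy_allows(); with no
       tracer attached the kernel fails them with ENOSYS instead. */
#ifdef __NR_open
    TRACE_NR(__NR_open),
#endif
    TRACE_NR(__NR_openat),
    /* Everything else, rt_sigaction (13) included, kills the process with SIGSYS. */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
};

/* Installs the filter in the calling process.  Returns 0 on success, -1 with errno set. */
int install_sandbox(void)
{
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;                      /* required for unprivileged seccomp */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    pid_t pid = fork();
    if (pid == 0) {
        if (install_sandbox() != 0)
            _exit(2);
        /* Mirrors naughty.ly: glibc's system() calls sigaction() before spawning
           /bin/sh, so the filter kills the child on that first syscall. */
        _exit(system("id") == 0 ? 0 : 3);
    }
    int status;
    waitpid(pid, &status, 0);
    if (WIFSIGNALED(status))
        printf("child killed by signal %d (SIGSYS is %d)\n", WTERMSIG(status), SIGSYS);
    else
        printf("child exited with status %d\n", WEXITSTATUS(status));
    return 0;
}
```

Run as a normal user; no privileges are needed because PR_SET_NO_NEW_PRIVS is set first. The "prohibited syscall 13" in the first transcript above is rt_sigaction on x86-64, which is exactly what glibc's system() issues before it spawns /bin/sh, so the child in this example dies the same way. A real tracer would receive the PTRACE_EVENT_SECCOMP stop for openat, read the path argument out of the child's memory, and either let the call proceed or rewrite it to fail based on policy_allows(); note that the ".." check here is deliberately crude (symlinks under /tmp are not resolved), which is one reason the message calls the scheme "not foolproof".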