upvote

points

by TheDong5 hours ago |
comments
upvoteby dns_snek3 hours ago|
next
[-]
> they're not sandboxes

Yes they can be, and Codex offers one. It uses Bubblewrap and seccomp on Linux which are perfectly capable of restricting filesystem access.

In a default setup every command is executed inside a restrictive sandbox and you're only asked for permission to run that command if the execution fails.

I don't necessarily think that it's a good idea to rely on these sandboxes as your only line of defense but that's absolutely a feature that they can, should, and do offer.

reply
upvoteby SoftTalker5 hours ago|
prev|
[-]
bash actually has a "restricted" mode which is sort of like that. In restricted mode, the following are disallowed:

- Changing directories with cd.

- Setting or unsetting the values of SHELL, PATH, HISTFILE, ENV, or BASH_ENV.

- Specifying command names containing /.

- Importing function definitions from the shell environment at startup.

- Parsing the values of BASHOPTS and SHELLOPTS from the shell environment at startup.

... some other things mainly preventing you from escaping or disabling the restricted mode.

reply
upvoteby 8organicbits5 hours ago|
parent|
[-]
Does that work? I've never seen it used. It seems easy to escape.

The docs seem to suggest using alternate approaches.

> Modern systems provide more secure ways to implement a restricted environment, such as jails, zones, or containers.

https://www.gnu.org/software/bash/manual/html_node/The-Restr...

reply
upvoteby SoftTalker4 hours ago|
parent|
[-]
I don't think I've ever seen it used. I think the idea was back in the day when you wanted to let a user have a shell login (because that's the only way you could use a shared computer) but wanted to confine them to a specific directory and prevent them running anything that wasn't in the pre-defined PATH that you set for them.
reply
upvoteby tingletech3 hours ago|
parent|
next
[-]
You could also produce special purpose applications this way, say to provide access to the online library catalog, or a run a gopher client for use in a public terminal lab. Telnetting to a unix account running some sort of restricted shell was how these often worked.

A sibling comment I can't reply to asks if you can do with with unix permissions.

These were really intended for anonymous guest access, or at least often used for this purpose. You couldn't do the same things with the file permissions systems at the time.

reply
upvoteby ryoshu3 hours ago|
parent|
prev|
[-]
Can't you do that with regular Unix permissions?
reply