From 340c969dabb6d666d5d052ace26c9b656b7a9126 Mon Sep 17 00:00:00 2001 From: Daniel Silverstone Date: Sun, 29 Jul 2012 15:55:41 +0100 Subject: SANDBOX: Enough sandboxing to get us further. Testing the wrapper is hard --- notes/design | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'notes/design') diff --git a/notes/design b/notes/design index d055d1d..032f083 100644 --- a/notes/design +++ b/notes/design @@ -158,9 +158,12 @@ injected. 1. The host starts by preparing a socketpair and forking. 2. The forked process dup2()s the socketpair onto fd 0 and force-closes every FD (regardless of the likelyhood of it being open). -3. Then the forked process executes a specifically compiled lua interpreter. -4. The interpreter loads the Supple modules and then the one module so - instructed by the host. +3. Then the forked process executes a specifically compiled lua interpreter + wrapper program which prevents LUA_PATH et al being passed to the real + lua interpreter. It also sets the command line for the real interpreter + to simply be: lua -lsupple -esupple.sandbox.run() +4. The real interpreter then loads the Supple modules and starts the sandbox + process. 5. Said interpreter, if setuid(root) then 1. makes a directory owned by root 2. changes into that directory -- cgit v1.2.1
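Review bot: the rewritten step 3 says the wrapper "prevents LUA_PATH et al being passed to the real lua interpreter" but does not state the policy: is the environment cleared entirely before the exec, or are only named variables stripped? Since LUA_INIT is run by the stock interpreter before any -l/-e argument is processed, and LUA_CPATH controls which C modules can be loaded, a denylist approach is fragile and the note should spell out the intended guarantee, e.g. "execs the real interpreter with an empty environment (no LUA_PATH, LUA_CPATH or LUA_INIT)". Two smaller points: step 5's "Said interpreter, if setuid(root)" is now ambiguous between the wrapper and the real interpreter, since step 3 introduces two programs, so name which one carries the setuid bit; and the unchanged context line above still reads "likelyhood" (likelihood).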