From 0d4ba5a8d85fd1a4408d5c493a63743579c01274 Mon Sep 17 00:00:00 2001 From: Tim McCormack Date: Wed, 5 Mar 2025 17:05:13 -0500 Subject: [PATCH 1/3] docs: Add Limitations section to README Warn operators about areas where they will need to take extra care. --- README.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.rst b/README.rst index b9e1d282..234843cc 100644 --- a/README.rst +++ b/README.rst @@ -257,6 +257,22 @@ Python code, and runs it using jail_code, modifying the globals dictionary as a side-effect. safe_exec does this by serializing the globals into and out of the subprocess as JSON. +Limitations +----------- + +* If codejail or AppArmor is not configured properly, codejail will default to + running code insecurely (no sandboxing). It is not secure by default. +* Resource limits can only be constrained using the mechanisms that Linux's + rlimit makes available. While rlimit can limit the size of any one file that + a process can create, and can limit the number of files it has open at any + one time, it cannot limit the total number of bytes written across *all* files. + A partial mitigation is to constrain the max execution time. (All files + written in the sandbox will be deleted at end of execution, in any case.) +* Sandboxes do not have strong isolation from each other. Under proper + configuration, untrusted code should not be able to discover other actively + running code executions, but if this assumption is violated then one sandbox + could theoretically interfere with another one. + Reporting Security Issues ------------------------- From 5742a46f671ffdb46aa76aa984c2c4c0a8e32f70 Mon Sep 17 00:00:00 2001 From: Tim McCormack Date: Thu, 6 Mar 2025 15:34:42 +0000 Subject: [PATCH 2/3] fixup! Note complete reliance on apparmor --- README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.rst b/README.rst index 234843cc..a286dcc2 100644 --- a/README.rst +++ b/README.rst 
@@ -262,6 +262,8 @@ Limitations * If codejail or AppArmor is not configured properly, codejail will default to running code insecurely (no sandboxing). It is not secure by default. +* Sandbox isolation is achieved via AppArmor confinement. Codejail facilitates + this, but cannot isolate execution without the use of AppArmor. * Resource limits can only be constrained using the mechanisms that Linux's rlimit makes available. While rlimit can limit the size of any one file that a process can create, and can limit the number of files it has open at any From 4b3fb1c0260201d636b1b9d4344700da55d42042 Mon Sep 17 00:00:00 2001 From: Tim McCormack Date: Thu, 6 Mar 2025 18:13:00 +0000 Subject: [PATCH 3/3] fixup! Expand note on files --- README.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index a286dcc2..e916e614 100644 --- a/README.rst +++ b/README.rst @@ -267,7 +267,8 @@ Limitations * Resource limits can only be constrained using the mechanisms that Linux's rlimit makes available. While rlimit can limit the size of any one file that a process can create, and can limit the number of files it has open at any - one time, it cannot limit the total number of bytes written across *all* files. + one time, it cannot limit the total number of files written, and therefore + cannot limit the total number of bytes written across *all* files. A partial mitigation is to constrain the max execution time. (All files written in the sandbox will be deleted at end of execution, in any case.) * Sandboxes do not have strong isolation from each other. Under proper
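Review bot: in PATCH 1/3, the first Limitations bullet gives operators no way to tell that the insecure fallback has happened. It says codejail "will default to running code insecurely (no sandboxing)" but not whether that produces an error, a log message, or nothing at all. Suggest adding one sentence that either points to the part of the README describing how to confirm confinement is in effect, or states plainly that the fallback is silent. The last bullet has a similar gap: "Under proper configuration" does not say which part of the configuration keeps one execution from discovering another.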
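Review bot: in PATCH 2/3, the added bullet lands after the bullet that already depends on it, so the reader meets the failure mode ("If codejail or AppArmor is not configured properly ...") before learning that AppArmor is the only isolation mechanism. Suggest moving "Sandbox isolation is achieved via AppArmor confinement" to the top of the list, or merging the two bullets so the dependency and its consequence read as one statement.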
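Review bot: in PATCH 3/3, the reworded rlimit bullet still does not say what the operator is exposed to while the code runs. The parenthetical kept as context, "(All files written in the sandbox will be deleted at end of execution, in any case.)", covers cleanup afterwards only, and "in any case" can be read as saying the gap does not matter. Suggest stating that disk usage is unbounded for the duration of the execution, and naming the setting that constrains the max execution time so the "partial mitigation" is actionable.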