Hello! Let’s say I have an executable file, but I’m unsure of the source, and may contain bugs/errors/malwares/bad things that can mess up my machine. I want to execute it anyway, but I want to make sure that it does not mess things up. Is it possible to create a “sandbox” folder, place the executable inside it, and then give all files inside that folder only write privileges inside that folder, and not outside? so that echo "hello" >> log.txt would work, but echo "hello" >> ~/log.txt would not?

EDIT: thanks to everyone for the answers! I decided to opt for a VM to minimize the risk, but chroot is probably a faster solution for not-so-dangerous files

You are viewing a single thread.
View all comments
8 points
*

The old answer is a chroot jail, the new answer is a Docker container or VM if Docker won’t cut it.

I’m lazy, so Virtualbox is my VM software of choice. I keep a machine with a fresh debian install and just Clone it to make throwaway VMs.

Keep in mind that malicious software on a VM might be isolated from the host in many ways, but if it’s allowed to communicate on your network then it can still be dangerous, especially if you have samba shares, or services you don’t expose to the outside internet with weak or default passwords. (Did you change the admin password on your router’s Web interface?)

Creating a VM with no network interfaces is “mostly safe”, but you hear about VM bust out exploits now and then.

In reality, gold standard is a separate physical computer with no network connections to anything but other untrusted physical computers, and no wireless adapters (Bluetooth or WiFi). This is an “air gapped” network, but if you’re dealing with shit that makes you want an air gap, either you already know more than you’re gonna learn on Lemmy, or you’re bout to get your door kicked in by men in black suits :D

permalink
report
reply
4 points

Also worth saying 99.9% of air gap failures are due to some idiot getting lazy with a usb stick or a phone. They’re a bitch to work with.

(Another 0.09% are someone plugging the wrong cord into the wrong switch by accident or stupidity)

permalink
report
parent
reply

Linux

!linux@lemmy.ml

Create post

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

  • Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
  • No misinformation
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Community stats

  • 8.4K

    Monthly active users

  • 6.3K

    Posts

  • 172K

    Comments