{"id":13546156,"url":"https://github.com/insanitybit/cargo-sandbox","last_synced_at":"2026-01-16T11:56:27.679Z","repository":{"id":71431536,"uuid":"583942910","full_name":"insanitybit/cargo-sandbox","owner":"insanitybit","description":null,"archived":false,"fork":false,"pushed_at":"2023-02-23T17:26:04.000Z","size":48,"stargazers_count":112,"open_issues_count":23,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-26T20:58:35.700Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/insanitybit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-12-31T15:11:58.000Z","updated_at":"2025-03-22T10:17:02.000Z","dependencies_parsed_at":"2023-06-12T03:00:41.190Z","dependency_job_id":null,"html_url":"https://github.com/insanitybit/cargo-sandbox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/insanitybit%2Fcargo-sandbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/insanitybit%2Fcargo-sandbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/insanitybit%2Fcargo-sandbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/insanitybit%2Fcargo-sandbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/insanitybit","download_url":"https://codeload.github.com/insanitybit/cargo-sandbox/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246860274,"owners_count":20845636,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T12:00:32.633Z","updated_at":"2025-04-02T17:32:38.572Z","avatar_url":"https://github.com/insanitybit.png","language":"Rust","funding_links":[],"categories":["Threat Detection and Forensics","Rust"],"sub_categories":["Packing, Obfuscation, Encryption, Anti-analysis"],"readme":"# cargo-sandbox\n`cargo-sandbox` intends to be a drop-in replacement for `cargo`, with the added benefit\nof isolating those commands from other parts of your system - that is, it runs cargo commands\nin a \"sandbox\".\n\nFor example, instead of running:\n`cargo check`\n\nYou can run:\n`cargo-sandbox check`\n\n## Threat Model\n`cargo-sandbox` intends to protect against a specific attacker with specific goals.\n\nThe attacker can execute code on your host but only as part of a cargo command. This can be\naccomplished through malicious build scripts, procedural macros, and possibly other methods.\n\n`cargo-sandbox` *does* aim to prevent this attacker from:\n1. Reading or writing files outside of the project's appropriate context\n2. Gaining access to sensitive environment variables, such as tokens or passwords\n3. Gaining access to your crates.io login token\n\n`cargo-sandbox` *does not* aim to prevent this attacker from:\n1. Patching your code such that it executes malicious code at runtime\n\n## Implementation\nCurrently the isolation provided by `cargo-sandbox` is achieved by running the cargo commands\nin various docker containers via the docker unix domain socket (currently hardcoded at \"/var/run/docker.sock\").\n\nEvery \"project\" has its own set of containers. Within a project there are two containers:\n1. Build - used for `cargo build`, `cargo check`, `cargo fmt`, etc.\n2. Publish - user for `cargo publish`\n\nNo data is shared across the Build and Publish containers within a project, no data is shared\nacross projects at all. In the future, for optimization purposes, there may be some tightly\ncontrolled sharing.\n\nIn order to make native dependencies easier to handle the current plan is to leverage `riff`.\nSee: https://determinate.systems/posts/riff-rust-maintainers\n\n\n#### Current State\nCurrently, `cargo-sandbox` is in a very early stage of development. The management of containers is\nerror prone and somewhat inefficient. Please see the issue tracker for more details, but here's the\nquicknotes version based on what I want to get done short term:\n\n- [X] Partial support for `build`, `check`, `publish`\n- [ ] Improved handling of native dependencies with `riff`\n- [ ] Support for `fmt`, `clippy`\n- [ ] Support for `run`, `test`, `bench`\n- [ ] Support for custom policies, including more restrictions\n\n### FAQ\n\n#### Does `cargo-sandbox` work on $OS?\n\nCurrently `cargo-sandbox` only works on Linux but that is not a fundamental limitation. While the project\nis still in its early stages I'd prefer to focus on getting the design right, not on portability.\n\nThat said, ensuring a path to broad OS support is a goal of the project.\n\n#### If the attacker can just patch code and execute in production, what's the point?\nTo briefly address this concern:\n\n1. There are already tons of tools and techniques for protecting arbitrary production programs. While I would\n   not call the problem \"solved\", the ability to constrain a program at runtime is far more mature.\n2. Surprisingly, given (1), a dev environment can be even more privileged than a service in production! Consider\n   that some developers will have code commit rights, browser session cookies, SSH keys, and other sensitive data.\n\nIndeed I suspect that many attackers are far more comfortable landing on a developer's laptop than in some random\nproduction service that may not even have external networking capabilities. Further, one tool does not need to solve\nall problems - in the future `cargo-sandbox` may expand its threat model.\n\nAt minimum I hope to (in the future) improve the ability to *audit* for such attacks, even if they are not prevented.\n\n#### I thought that containers weren't security boundaries? Is this adding any value?\n\nYou may have heard \"containers are not a security boundary\". That has not really been true for a long time, especially\nif we're talking about Docker containers.\n\nLet's define a security boundary as \"a limitation of an attacker's capabilities\nthat requires an explicit vulnerability to bypass\"; that is to say, if I can just \"ask\" to get out of a sandbox it is *not*\na boundary, but if I need to exploit a vulnerability that will eventually be patched then it *is* a boundary.\n\nSo... is a Docker Container a security boundary? It is - trivially so. There is no native means by which a process in a\nDocker Container can escape - any such attack would be considered a Docker vulnerability.\n\nBeyond that, Docker containers leverage a number of powerful security features:\n1. Namespaces: Docker containers run in isolated namespaces. Namespaces are a feature of the Linux kernel that allow\n   processes to have their own view of the system. For example, a process in a Docker container can have its own view of\n   the filesystem, network, users, and process tree.\n\n2. Apparmor/SELinux: Docker containers can (and will by default) run with support for Linux's powerful Mandatory Access\n   Control (MAC) systems. These systems allow processes to be restricted from accessing certain resources, such as files\n   or network ports.\n\n3. Seccomp: Docker containers run with a seccomp profile by default, restricting which system calls processes can make.\n   While the default profile may not be ideal, `cargo-sandbox` intends to provide a more restrictive profile with time.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finsanitybit%2Fcargo-sandbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finsanitybit%2Fcargo-sandbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finsanitybit%2Fcargo-sandbox/lists"}