{"id":28000699,"url":"https://github.com/sysprog21/moxiebox","last_synced_at":"2025-07-14T15:07:19.921Z","repository":{"id":72389351,"uuid":"109805987","full_name":"sysprog21/moxiebox","owner":"sysprog21","description":"A secure, sandboxed execution mechanism that enables deterministic input, processing and output","archived":false,"fork":false,"pushed_at":"2017-11-09T22:26:39.000Z","size":67,"stargazers_count":9,"open_issues_count":0,"forks_count":18,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-05-08T23:54:19.197Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sysprog21.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-11-07T08:16:04.000Z","updated_at":"2024-01-13T23:57:28.000Z","dependencies_parsed_at":null,"dependency_job_id":"c900b0c2-46c7-45b1-8e77-6fe6165daaca","html_url":"https://github.com/sysprog21/moxiebox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sysprog21/moxiebox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysprog21%2Fmoxiebox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysprog21%2Fmoxiebox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysprog21%2Fmoxiebox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysprog21%2Fmoxiebox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/owners/sysprog21","download_url":"https://codeload.github.com/sysprog21/moxiebox/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysprog21%2Fmoxiebox/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265311850,"owners_count":23745155,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-08T23:54:17.225Z","updated_at":"2025-07-14T15:07:19.907Z","avatar_url":"https://github.com/sysprog21.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# moxiebox\n\n## Motivation\n\nThe goal of moxiebox is to provide a secure, sandboxed execution\nmechanism that enables deterministic input, processing and output.\nExecution is separated out into distinct phases:\n\n1. Prepare and load hash-sealed program executables, data.\n2. Execute program as a black box, with no I/O capability.\n   Runs until exit or CPU budget exhausted (or CPU exception).\n3. Gather processed data, if any.\n\nA single thread of execution pre-loads necessary data, then simulates a\n32-bit little endian Moxie CPU, running the loaded code.\n\nThis program is built using the \"moxiebox\" target in upstream binutils\nand gcc.  
A reduced (C-only) gcc toolchain is therefore available for\nimmediate use by developers.\n\nFrom the Moxie program's point of view, it is a single thread running\nas root and is essentially the entire operating system kernel +\napplication, all in a single wrapper.\n\nFrom the sandbox's point of view, the application is running as an\nunprivileged application with only the ability to access data within the\nhand-built memory map.\n\nCheck [sandbox execution environment](sandbox-design.md) for details.\n\nMore info about the Moxie architecture can be found at the following links:\n* [Moxie Architecture](http://moxielogic.org/blog/pages/architecture.html)\n* [Moxie Blog](http://moxielogic.org/blog)\n\n\n## Prerequisites\n\nYou will need to build and install the moxie binutils+gcc cross-compiler\ntoolchain first. Using the derived [crosstool-ng](https://github.com/jserv/crosstool-ng) is suggested:\n\n    git clone https://github.com/jserv/crosstool-ng\n    cd crosstool-ng\n    ./bootstrap\n    ./configure\n    make\n    make install\n    mkdir -p ~/build-toolchain\n    cd ~/build-toolchain\n    ct-ng moxie-none-moxiebox\n    ct-ng build\n\nAfter [crosstool-NG](https://crosstool-ng.github.io/docs/) builds everything\nfrom scratch, you will get the GNU toolchain for Moxiebox in the directory\n`$HOME/x-tools/moxie-none-moxiebox`. You can update `$PATH` via:\n\n    source envsetup\n\n\n## Build and verify sandbox\n\nOnce the Moxiebox toolchain is properly installed, simply build with GNU make:\n\n    make\n\nAnd verify:\n\n    make check\n\n\n## Usage\n\nExample usage of sandbox:\n\n    $ src/sandbox \\\n          -e runtime/test1 \\\n          -d mydata.json \\\n          -d mydata2.dat \\\n          -o file.out\n\nIf you specify the -g \u003cport\u003e option, then sandbox will wait for a GDB\nconnection on the given port.  
For example, run sandbox like so:\n\n    $ src/sandbox -e tests/rtlib -g 9999\n    ep 00001000\n    ro 00000f8c-00001540 elf0\n    rw 00001640-00001aa8 elf1\n    rw 00002aa8-00012aa8 stack\n    ro 00013aa8-00013b48 mapdesc\n    \nAnd, in a separate console, run GDB to connect to sandbox using the\n`target remote` command like so:\n\n    $ moxie-none-moxiebox-gdb -q tests/rtlib\n    Reading symbols from basic...done.\n    (gdb) target remote :9999\n    Remote debugging using :9999\n    0x00001000 in __start ()\n    (gdb) b main\n    Breakpoint 1 at 0x13da: file rtlib.c, line 73.\n    (gdb) c\n    Continuing.\n\n    Breakpoint 1, main (argc=0, argv=0x2) at rtlib.c:73\n    73\t{\n    (gdb) x/4i $pc\n    =\u003e 0x13da \u003cmain\u003e:\tpush\t$sp, $r6\n       0x13dc \u003cmain+2\u003e:\tpush\t$sp, $r7\n       0x13de \u003cmain+4\u003e:\tdec\t$sp, 0x38\n       0x13e0 \u003cmain+6\u003e:\tldi.l\t$r2, 0x11\n    (gdb)\n\n\n## Licensing\n\n`moxiebox` is freely redistributable under MIT X License.\nUse of this source code is governed by the license that can be found\nin the `LICENSE` file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysprog21%2Fmoxiebox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsysprog21%2Fmoxiebox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysprog21%2Fmoxiebox/lists"}