Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kpcyrd/boxxy-rs

Linkable sandbox explorer
https://github.com/kpcyrd/boxxy-rs

regression-testing rust sandboxing security-testing

Last synced: 4 days ago
JSON representation

Linkable sandbox explorer

Host: GitHub
URL: https://github.com/kpcyrd/boxxy-rs
Owner: kpcyrd
License: lgpl-3.0
Created: 2017-10-27T17:13:24.000Z (about 7 years ago)
Default Branch: main
Last Pushed: 2022-11-24T17:52:12.000Z (almost 2 years ago)
Last Synced: 2024-10-16T12:37:27.671Z (18 days ago)
Topics: regression-testing, rust, sandboxing, security-testing
Language: Rust
Homepage: https://docs.rs/boxxy/
Size: 213 KB
Stars: 78
Watchers: 5
Forks: 7
Open Issues: 10
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

        # boxxy-rs [![Build Status][travis-img]][travis] [![crates.io][crates-img]][crates] [![docs.rs][docs-img]][docs]

[travis-img]:   https://travis-ci.org/kpcyrd/boxxy-rs.svg?branch=master

[travis]:       https://travis-ci.org/kpcyrd/boxxy-rs

[crates-img]:   https://img.shields.io/crates/v/boxxy.svg

[crates]:       https://crates.io/crates/boxxy

[docs-img]:     https://docs.rs/boxxy/badge.svg

[docs]:         https://docs.rs/boxxy

"_If you implement boundaries and nobody is around to push them, do they even

exist?_". Have you ever wondered how your sandbox looks like from the inside?

Tempted to test if you can escape it, if only you had a shell to give it a try?

boxxy is a library that can be linked into a debug build of an existing program

and drop you into an interactive shell. From there you can step through various

stages of your sandbox and verify it actually contains™.

## Development

    cargo run --example boxxy

## Linking with rust

Just put a dev-dependencies in your Cargo.toml and copy `examples/boxxy.rs` to

your `examples/` folder. Modify to include your sandbox.

    [dev-dependencies]

    boxxy = "0.*"

## Linking with C

There is an example program, check the Makefile to see how it's built.

    make cboxxy

## Calling into machinecode

     [%]> # just RET to prompt

     [%]> jit ww==

     [%]> # print ohai and exit

     [%]> jit 6xpeuAEAAABIice6BQAAAA8FuDwAAABIMf8PBejh////b2hhaQo=

You can use the `objdump` utility to generate shellcode from assembly:

    make sc/ohai && cargo run --example objdump sc/ohai

## Invoking from php

See [autoboxxy](autoboxxy/) for tooling to load boxxy from php, even if

`shell_exec` and friends are disabled by php.ini.

## Static binary

You may need to build a fully static binary, this is possible using the

`x86_64-unknown-linux-musl` target.

    cargo build --release --example boxxy --target x86_64-unknown-linux-musl

    strip target/x86_64-unknown-linux-musl/release/examples/boxxy

## Debugging systemd security

There is a special ipc binary that automatically swaps its stdio interface with

an unix domain socket so it can be used to debug security settings of a systemd

unit.

Prepare `ipc-boxxy`:

    cargo build --release --example ipc-boxxy

    install -Dm755 target/release/examples/ipc-boxxy /usr/local/bin/ipc-boxxy

Prepare systemd unit:

    sudo tee /etc/systemd/system/[email protected] <