▲ himata4113 12 hours ago
I recommend that everyone on Linux use bwrap and alias all package managers, and anything else that has post-build logic, through it. I have bwrap configured to override npm, pip, cargo, mvn, gradle, everything you can think of, and I only give it the access it needs, strip anything that is useless to it anyway, and deny dbus, sockets, everything. SSH is forwarded via socket (ssh-add).

This limits the blast radius to your CWD and package manager caches, and often the attack won't even work, since the malware usually expects some things to be available which are not in a permissionless sandbox. You can think of it as running a Docker container, but without the requirement of having an image. It is the same thing Flatpak is based on.

As for server deployments, container hardening is your friend. Most supply chain attacks target build scripts, so as long as you treat your CI/CD as an untrusted environment you should be good; there are quite a few resources on this, so I won't go into detail.

Bonus points: use the same sandbox for AI. Stay safe out there.
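The kind of wrapper described in the comment above, written out as an added example for this page (it is not himata4113's configuration, and the function names `bwrap_args` and `sandboxed` are made up here). It assumes a merged-/usr distribution, bwrap 0.4 or newer (for `--ro-bind-try`), and that the package manager still needs the network to download packages, so only the network namespace is shared; everything else is unshared, the home directory is replaced by an empty tmpfs with only the package cache and the working directory bound back in, and the ssh-agent socket is passed through only when one is present:

```shell
#!/bin/sh
# Added example: a bwrap wrapper for a package manager. Not the commenter's
# own config. Assumes a merged-/usr distro (/bin, /lib, /lib64 are symlinks
# into /usr) and bwrap >= 0.4 (--ro-bind-try).

# Print the bwrap argument list, one per line, for running a command from
# $1 (work dir) with $2 (package cache) as the only other writable host path.
# $3 is an ssh-agent socket to pass through, or empty.
bwrap_args() {
    work_dir=$1; cache_dir=$2; ssh_sock=$3
    set -- \
        --unshare-all --share-net \
        --die-with-parent --new-session \
        --ro-bind /usr /usr \
        --symlink usr/bin /bin --symlink usr/sbin /sbin \
        --symlink usr/lib /lib --symlink usr/lib64 /lib64 \
        --ro-bind-try /etc/resolv.conf /etc/resolv.conf \
        --ro-bind-try /etc/hosts /etc/hosts \
        --ro-bind-try /etc/nsswitch.conf /etc/nsswitch.conf \
        --ro-bind-try /etc/passwd /etc/passwd \
        --ro-bind-try /etc/ld.so.cache /etc/ld.so.cache \
        --ro-bind-try /etc/ssl /etc/ssl \
        --ro-bind-try /etc/pki /etc/pki \
        --ro-bind-try /etc/alternatives /etc/alternatives \
        --proc /proc --dev /dev --tmpfs /tmp \
        --tmpfs "$HOME" \
        --bind "$cache_dir" "$cache_dir" \
        --bind "$work_dir" "$work_dir" \
        --chdir "$work_dir" \
        --clearenv \
        --setenv PATH /usr/local/bin:/usr/bin:/bin \
        --setenv HOME "$HOME" \
        --setenv LANG C.UTF-8
    # Only forward the agent socket when it actually exists on the host;
    # the bind goes last so it lands on top of the fresh /tmp tmpfs.
    if [ -n "$ssh_sock" ] && [ -S "$ssh_sock" ]; then
        set -- "$@" --bind "$ssh_sock" "$ssh_sock" --setenv SSH_AUTH_SOCK "$ssh_sock"
    fi
    printf '%s\n' "$@"
}

# Run "$@" (e.g. pip install -r requirements.txt) inside the sandbox.
# The cache dir is created up front because --bind needs the host path to exist.
sandboxed() {
    cache_dir="${XDG_CACHE_HOME:-$HOME/.cache}/pip"
    mkdir -p "$cache_dir"
    args=$(bwrap_args "$PWD" "$cache_dir" "${SSH_AUTH_SOCK:-}")
    # Turn the newline-separated list back into words without globbing
    # (paths containing a newline are not supported by this transport).
    old_ifs=$IFS
    IFS='
'
    set -f
    # shellcheck disable=SC2086
    set -- $args -- "$@"
    set +f
    IFS=$old_ifs
    bwrap "$@"
}

# Aliases of the kind the comment describes (not exec'd, so the interactive
# shell survives):
#   alias pip='sandboxed pip'
#   alias npm='sandboxed npm'
```

A post-install script running under this sees a read-only /usr, an empty home apart from the pip cache, no dbus or X sockets, and only the project directory writable; the network stays open because a fresh install has to fetch packages, so `~/.cache/pip` and the CWD are the blast radius. If you want the network closed as well, download first and install second (`pip download` into the cache, then `pip install --no-index --find-links` inside the sandbox with `--share-net` removed). As captn3m0 notes further down, none of this helps once the compromised code is imported by your own program at runtime outside the sandbox.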
▲ captn3m0 10 hours ago
This only works for post-install script attacks. When the package is compromised, just running require somewhere in your code will be enough, and that runs with node/java/python and no bwrap.

▲ mixedbit 10 hours ago
Check also https://github.com/wrr/drop, which is a higher-level tool than bwrap. It allows you to make such isolated sandboxes with minimal configuration.

▲ kanbankaren 9 hours ago
I think firejail is a much more flexible security sandbox than bwrap. It also comes with pre-defined profiles.

▲ ashishb 10 hours ago
I wrote a Docker-based sandbox [1] for myself last year to control the blast radius of such malicious packages.

▲ vips7L 12 hours ago
AFAIK Maven doesn't support post-install logic like npm does. You have to explicitly opt in with build plugins. It doesn't let any arbitrary dependency run code on your machine.

▲ mxmlnkn 8 hours ago
I like the idea of bubblewrap, but my pain point is that it is work to set it up correctly with bind mounts and forwarding the necessary environment variables to make the program actually work usefully. Could you share your pip bwrap configuration? It sounds useful.

▲ micw 11 hours ago
> SSH is forwarded via socket

Maybe I misunderstood this point. But the ssh socket also gives access to your private keys, so I see no security gain in that point. Better to have a password-protected key.

▲ johntash 11 hours ago
Do you have a recommendation for something like bwrap but for macOS? I've been trying to use bwrap more on my servers when I remember.