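;; Phase 18 (Track E.2) — FILE_IO / path-traversal profile.
;;
;; The strictest of the per-cap profiles: blocks every host secret /
;; user-data path a filesystem-escape payload would target. Read /
;; write access to system libraries (`/usr`, `/System`, `/Library`) is
;; preserved so the interpreter (python3 / node / java) can cold-start.
;; The one carve-out inside `/Library` is `/Library/Keychains`, which
;; is denied below.
;;
;; Sensitive paths denied:
;;   * `/etc/{passwd,master.passwd,shadow,sudoers}` and the
;;     `/etc/sudoers.d` include directory + their `/private/etc/...`
;;     mirrors — host credentials. Both spellings are listed because
;;     `/etc` is a symlink to `/private/etc` and the rule must hold
;;     whichever form the path is canonicalised to.
;;   * `/Users/<user>/...` secret-bearing subpaths (`~/.ssh`, `~/.aws`,
;;     shell history, per-user keychains, ...) — matched by regex, NOT a
;;     blanket `(subpath "/Users")` deny; see the rationale below.
;;   * `/var/db` and `/private/var/db` — Open Directory and
;;     opendirectoryd state.
;;   * `/var/log` and `/private/var/log` — system + auth logs.
;;   * `/Library/Keychains` — host keychain databases.
;;
;; Writes outside WORKDIR are denied broadly: a tainted path payload
;; cannot drop files into `/tmp` peers, `/var/folders`, or the user's
;; home.
;;
;; Scope caveat: the per-user regexes only cover `/Users`. If the
;; sandboxed interpreter is ever run as root, its `~` is `/var/root`
;; (`/private/var/root`) and is not covered by this list — extend the
;; regex set before supporting that configuration.

(version 1)
(allow default)

;; The `/Users` denylist uses regex matches on specific secret-bearing
;; subpaths instead of a blanket `(subpath "/Users")` deny. See the
;; matching comment in `cmdi.sb` for the cold-start rationale. The
;; FILE_IO profile is the strictest of the cap profiles so the regex
;; set is wider than the CMDI / SSRF profiles: every credential file
;; under `~` plus per-app secret stores (Slack tokens, VS Code user
;; settings, Mail database) are denied.
;;
;; Each regex is anchored with `^` and ends in `(/|$)` so it matches the
;; directory itself and anything beneath it, but not a sibling whose
;; name merely starts with the same prefix.
;;
;; Deliberately NOT `(with no-log)`: a read attempt on any of these
;; paths is exactly the signal a traversal payload produces, so the
;; denial is left visible in the sandbox violation log.
(deny file-read*
  (literal "/etc/passwd")
  (literal "/etc/master.passwd")
  (literal "/etc/shadow")
  (literal "/etc/sudoers")
  (subpath "/etc/sudoers.d")
  (literal "/private/etc/passwd")
  (literal "/private/etc/master.passwd")
  (literal "/private/etc/shadow")
  (literal "/private/etc/sudoers")
  (subpath "/private/etc/sudoers.d")
  (regex #"^/Users/[^/]+/\.ssh(/|$)")
  (regex #"^/Users/[^/]+/\.aws(/|$)")
  (regex #"^/Users/[^/]+/\.gnupg(/|$)")
  (regex #"^/Users/[^/]+/\.netrc$")
  (regex #"^/Users/[^/]+/\.docker(/|$)")
  (regex #"^/Users/[^/]+/\.kube(/|$)")
  (regex #"^/Users/[^/]+/\.config/gh(/|$)")
  (regex #"^/Users/[^/]+/\.zsh_history$")
  (regex #"^/Users/[^/]+/\.bash_history$")
  (regex #"^/Users/[^/]+/Library/Keychains(/|$)")
  (regex #"^/Users/[^/]+/Library/Cookies(/|$)")
  (regex #"^/Users/[^/]+/Library/Mail(/|$)")
  (regex #"^/Users/[^/]+/Library/Application Support/com\.apple\.TCC(/|$)")
  (regex #"^/Users/[^/]+/Library/Application Support/Slack(/|$)")
  (regex #"^/Users/[^/]+/Library/Application Support/Code/User(/|$)")
  (subpath "/var/db")
  (subpath "/private/var/db")
  (subpath "/var/log")
  (subpath "/private/var/log")
  (subpath "/Library/Keychains"))

;; Writes: deny everything outside WORKDIR + `/dev/null`. The
;; subpath-allow re-enables WORKDIR after the broad deny (later rules
;; take precedence over earlier ones).
;;
;; `(with no-log)` keeps interpreter cold-start noise (cache / temp
;; file attempts) out of the violation log, but it also hides a real
;; write-escape attempt. Drop it temporarily when tuning the profile or
;; when investigating a suspected escape so write denials become
;; visible.
(deny file-write*
  (subpath "/")
  (with no-log))
(allow file-write*
  (subpath (param "WORKDIR"))
  (literal "/dev/null")
  (literal "/dev/dtracehelper")
  (literal "/dev/stdout")
  (literal "/dev/stderr"))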