Problem

Supply chain attacks became very common thing these days, but we're still running untrusted code on our machines everyday. This crate provides cargo safe subcommand, that runs all commands in a sandboxed environment.

For now it is working on macOS only using Apple's sandboxing mechanism.

How to use it?

Installation

$ cargo install cargo-safe

Using is pretty simple, you can use any cargo command:

$ cargo safe buld
$ cargo safe test
$ cargo safe run

Or any other cargo command.

Can cargo safe be shadowed with an alias?

An attacker might try to bypass sandboxing with a following .cargo/config.toml:

[alias]
safe = "run"

Fortunatley, this will not work, because cargo prohibids shadowing of already existing subcommands:

$ cargo safe run
error: no such command: `safe`

help: a command with a similar name exists: `safe`

help: view all installed commands with `cargo --list`
help: find a package to install `safe` with `cargo search cargo-safe`

What is allowed inside sandoxed environment

Read access

Sandobx allow access to list all files (without reading their content), and read/execute following files and directories:

• /dev/random and /dev/urandom
• /dev/tty
• All files in PATH directiories
• All files in following directories (and subdirectories):
  • /private/etc/
  • /private/var/db/timezone/
  • /Applications/Xcode.app/Contents/Developer
  • /usr/lib/
  • /private/var/db/dyld/
  • /System/Library/
  • /System/Volumes/Preboot/Cryptexes/OS
  • /System/Cryptexes/OS/
  • /Library/Preferences/

Write access

• OS temporary directory
• cargo and target directories private to a sandbox (separate from $HOME/.cargo and target in your workdir)
• Cargo.lock in your project directory – otherwise it's impossible to build a project

Network access

• communication over /private/var/run/mDNSResponder – to allow DNS lookups
• outbound network connections to ports 80/443 - to download crates

Full list of permissions can be found in sources.