Plash
Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.
| Tags | Security Filesystems Shells Operating Systems Operating System Kernels Linux Text Editors Emacs |
|---|---|
| Operating Systems | POSIX Linux |
| Implementation | Unix Shell C |
Recent releases
- 05 May 2008 11:17
Changes: The build system for PlashGlibc has been changed to integrate better with glibc's normal build process. As a result, it is easier to build Plash on architectures other than i386, and this is the first release to support AMD-64. The forwarding of stdin/stdout/stderr that was introduced in the previous release caused a number of bugs that should now be fixed.
- 10 Jun 2007 04:37
Changes: A security vulnerability relating to granting access to terminal was fixed. A package system for running programs from Debian packages in sandboxes was added.
- 29 Dec 2006 07:10
Changes: This release adds Python bindings for Plash's object interface, layered/copy-on-write directories, an update to build glibc 2.3.6, 2.4, and 2.5 (previously only 2.3.5), security fixes to disallow setting setuid/setgid bits and to fix the -t option in pola-run, a -e option for pola-run, and packaging improvements to build packages for three Debian variants. pola-run now looks up executables in PATH.
- 19 Mar 2006 18:28
Changes: The replacement GtkFileChooserDialog class has been rewritten, which allows the powerbox file chooser to work with a lot more GTK applications (including Firefox, Gnumeric, and Inkscape). The documentation has been reorganised, and examples, screenshots, etc. have been added. The build process has been revised, and an autoconf script added. Test cases have been added. A bug in exec-object has been added. This release is available from an SVN repository.
- 15 Dec 2005 22:25
Changes: This release introduces a patch to Gtk that changes GtkFileChooserDialog to use Plash's powerbox. This provides a mechanism, transparent to the user, for granting Gtk applications access to specific files, so that users do not need to trust the application with access to all of their files. A number of issues have been fixed so that Konqueror and Gnumeric are able to run under the Plash environment. The Plash shell has been renamed to "pola-shell", to distinguish it from the rest of Plash's components.
