Add environment sanitization

JY Tan
2025-12-25 20:47:11 -08:00
parent 32d785c703
commit f86d9a2c82
17 changed files with 340 additions and 31 deletions

@@ -43,6 +43,15 @@ Localhost is separate from "external domains":
- **denyRead** can block reads from sensitive paths.
- Fence includes an internal list of always-protected targets (e.g. shell configs, git hooks) to reduce common persistence vectors.
### Environment sanitization
Fence strips dangerous environment variables before passing them to sandboxed commands:
- `LD_*` (Linux): `LD_PRELOAD`, `LD_LIBRARY_PATH`, etc.
- `DYLD_*` (macOS): `DYLD_INSERT_LIBRARIES`, `DYLD_LIBRARY_PATH`, etc.
This prevents a library injection attack where a sandboxed process writes a malicious `.so`/`.dylib` and then uses `LD_PRELOAD`/`DYLD_INSERT_LIBRARIES` in a subsequent command to load it.
## Visibility / auditing
- `-m/--monitor` helps you discover what a command *tries* to access (blocked only).
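Review bot: the new "Environment sanitization" subsection describes the control with "etc.", which is too vague for a security guarantee; state the exact rule (for example, "every variable whose name begins with `LD_` or `DYLD_` is removed") so a reader can tell what is and is not covered. The same paragraph should also say where the stripping happens: "strips dangerous environment variables before passing them to sandboxed commands" reads as cleaning the inherited environment, while the threat described ("uses `LD_PRELOAD`/`DYLD_INSERT_LIBRARIES` in a subsequent command to load it") is the command setting the variable itself, and the two are different controls. Finally, the list is loader-only; a one-line note on whether interpreter hook variables (such as `PYTHONPATH` or `NODE_OPTIONS`) are in scope, or are left to `denyRead`/`denyWrite`, would keep users from assuming broader coverage than the section documents.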