ZipJail is a usermode sandbox for unpacking archives using the unzip, rar, 7z, and unace utilities. Through the use of the tracy library it limits the attack surface to an absolute minimum in case a malicious archive tries to exploit known or unknown vulnerabilities in said archive tools.
The zipjail command itself requires two parameters, followed by the command that should be executed and jailed (i.e., sandboxed). The two parameters belonging to zipjail define the file path of the archive and the output directory to which file writes are restricted.
$ zipjail
zipjail 0.1 - safe unpacking of potentially unsafe archives.
Copyright (C) 2016, Jurriaan Bremer <firstname.lastname@example.org>.
Based on Tracy by Merlijn Wajer and Bas Weelinck.
(https://github.com/MerlijnWajer/tracy)

Usage: zipjail <input> <output> [-v] <command...>

  input:   input archive file
  output:  directory to extract files to
  verbose: some verbosity

Please refer to the README for the exact usage.
In the following we demonstrate zipjail's usage based on an input file called archive.zip and the output directory /tmp/unpacked. In order to run unzip, the command line should be constructed as follows.
$ zipjail file.zip /tmp/unpacked unzip -o -d /tmp/unpacked file.zip
Just like for the 7z command, we require setting the multithread count for the rar command. It should be noted that rar 5.00 beta 8 does not support the multithreaded option and thus zipjail is not capable of running with that version. So far we have only tested that zipjail works with rar 4.20. Its usage is as follows.
$ zipjail file.rar /tmp/unpacked rar x -mt1 file.rar /tmp/unpacked
Running 7z may be done as follows. Note that we pass along the -mmt=off option, which disables multithreaded decompression for bzip2 targets. By keeping zipjail's sandboxing single-threaded we keep its logic simple and secure (with multithreading, race conditions would be fairly trivial). In fact, as per our unit tests, trying to instantiate multithreading (e.g., through pthread, which internally invokes the clone(2) system call) is blocked completely. (Also note that the directory provided to the -o parameter must be appended directly, without additional whitespace.)
$ zipjail file.7z /tmp/unpacked 7z x -mmt=off -o/tmp/unpacked file.7z
Another utility, another command line. This time, for unace, which handles .ace files, the command line is fairly straightforward except for the input file path and the directory path that are passed along. The file path must be an absolute path and the directory path needs to be slash-terminated, i.e., the path should end with a forward slash.
$ zipjail /tmp/file.ace /tmp/unpacked unace x /tmp/file.ace /tmp/unpacked/
It should be noted that only unace 2.5 is supported, as the older versions don't support either the command-line arguments or the .ace samples that are actually being used in the wild. Installing this particular version may be done through sudo apt install unace-nonfree.
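As an added example that is not part of zipjail or its README, the following Python helper assembles the zipjail command line for each of the four archivers according to the rules above (single-threaded rar and 7z, no whitespace after -o, absolute input path and slash-terminated output directory for unace), so that a sample-processing pipeline cannot get them wrong. The function names and the thin subprocess wrapper are assumptions of this example.

```python
import os
import subprocess
from typing import List


def build_zipjail_cmd(archive: str, outdir: str, verbose: bool = False) -> List[str]:
    """Return the argv that runs `archive` under zipjail, chosen by extension.

    Hypothetical helper: it only encodes the per-tool rules from the README.
    """
    ext = os.path.splitext(archive)[1].lower()
    if ext == ".zip":
        tool = ["unzip", "-o", "-d", outdir, archive]
    elif ext == ".rar":
        # -mt1 keeps rar single-threaded (zipjail blocks clone(2) anyway).
        tool = ["rar", "x", "-mt1", archive, outdir]
    elif ext == ".7z":
        # -mmt=off disables multithreading; -o takes the directory with no space.
        tool = ["7z", "x", "-mmt=off", "-o" + outdir, archive]
    elif ext == ".ace":
        # unace wants an absolute input path and a slash-terminated directory.
        archive = os.path.abspath(archive)
        ace_dir = outdir if outdir.endswith("/") else outdir + "/"
        tool = ["unace", "x", archive, ace_dir]
    else:
        raise ValueError("unsupported archive type: %r" % ext)

    cmd = ["zipjail", archive, outdir]
    if verbose:
        cmd.append("-v")
    return cmd + tool


def unpack(archive: str, outdir: str, verbose: bool = False) -> int:
    """Create the output directory and run the jailed extraction.

    Returns the exit status of zipjail (hypothetical wrapper, requires zipjail
    and the respective archiver to be installed).
    """
    os.makedirs(outdir, exist_ok=True)
    proc = subprocess.run(build_zipjail_cmd(archive, outdir, verbose),
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return proc.returncode


if __name__ == "__main__":
    print(" ".join(build_zipjail_cmd("file.7z", "/tmp/unpacked")))
```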