nipbox

Go to file

Markus Maiwald 7d89e76f6c Phase 30: The Proxy Command (NipBox Worker Integration) PHASE 30: THE PROXY COMMAND - WORKER MODEL INTEGRATION ======================================================= Solved the Ratchet Problem by transforming NipBox from a Process Executor into a Process Supervisor. Commands now run in isolated workers with independent pledge contexts, preventing shell self-lobotomization. THE RATCHET PROBLEM - SOLVED ----------------------------- Before: Shell pledges itself → loses capabilities forever After: Shell spawns workers → workers pledge → shell retains PLEDGE_ALL ARCHITECTURE ------------ 1. WorkerPacket Protocol (Heap-based IPC): - Marshals complex Nim objects (seq[string], seq[KdlNode]) - Single address space = pointer passing via cast[uint64] - Worker unpacks, executes, stores result 2. Worker Trampoline (dispatch_worker): - C-compatible entry point (no closures) - Applies pledge restrictions before execution - Automatic cleanup on worker exit 3. Spawn Helper (spawn_command): - High-level API for pledged worker spawning - Fallback to inline execution if spawn fails - Automatic join and result extraction 4. Dispatcher Integration: - http.get: PLEDGE_INET \| PLEDGE_STDIO (no file access) - Other commands: Can be migrated incrementally SECURITY MODEL -------------- Shell (PLEDGE_ALL): └─> http.get worker (INET+STDIO only) ├─ Can: Network requests, console output └─ Cannot: Read files, write files, spawn processes Attack Scenario: - Malicious http.get attempts open("/etc/passwd") - Kernel enforces RPATH check - PLEDGE VIOLATION → Worker terminated - Shell survives, continues operation IMPLEMENTATION -------------- Files Modified: - core/rumpk/npl/nipbox/nipbox.nim: Worker system integration * Added WorkerPacket type * Added dispatch_worker trampoline * Added spawn_command helper * Updated dispatch_command for http.get * Added pledge constants Documentation: - docs/dev/PHASE_30_THE_PROXY.md: Architecture and security model USAGE EXAMPLE ------------- root@nexus:# http.get http://example.com [Spawn] Created worker FID=0x0000000000000064 [Pledge] Fiber 0x0000000000000064 restricted to: 0x0000000000000009 # ... HTTP response ... [Worker] Fiber 0x0000000000000064 terminated root@nexus:# echo "test" > /tmp/file # Works! Shell retained WPATH capability LIMITATIONS ----------- 1. No memory isolation (workers share address space) 2. Cooperative scheduling only 3. Manual command migration required 4. GC-dependent packet cleanup NEXT: Phase 31 - The Iron Wall (RISC-V PMP for memory isolation) Build: Validated on RISC-V (rumpk-riscv64.elf) Status: Production-ready	2026-01-02 14:33:47 +01:00
src	Phase 30: The Proxy Command (NipBox Worker Integration)	2026-01-02 14:33:47 +01:00

Markus Maiwald 7d89e76f6c Phase 30: The Proxy Command (NipBox Worker Integration)

PHASE 30: THE PROXY COMMAND - WORKER MODEL INTEGRATION
=======================================================

Solved the Ratchet Problem by transforming NipBox from a Process Executor
into a Process Supervisor. Commands now run in isolated workers with
independent pledge contexts, preventing shell self-lobotomization.

THE RATCHET PROBLEM - SOLVED
-----------------------------
Before: Shell pledges itself → loses capabilities forever
After:  Shell spawns workers → workers pledge → shell retains PLEDGE_ALL

ARCHITECTURE
------------

1. WorkerPacket Protocol (Heap-based IPC):
   - Marshals complex Nim objects (seq[string], seq[KdlNode])
   - Single address space = pointer passing via cast[uint64]
   - Worker unpacks, executes, stores result

2. Worker Trampoline (dispatch_worker):
   - C-compatible entry point (no closures)
   - Applies pledge restrictions before execution
   - Automatic cleanup on worker exit

3. Spawn Helper (spawn_command):
   - High-level API for pledged worker spawning
   - Fallback to inline execution if spawn fails
   - Automatic join and result extraction

4. Dispatcher Integration:
   - http.get: PLEDGE_INET | PLEDGE_STDIO (no file access)
   - Other commands: Can be migrated incrementally

SECURITY MODEL
--------------
Shell (PLEDGE_ALL):
  └─> http.get worker (INET+STDIO only)
       ├─ Can: Network requests, console output
       └─ Cannot: Read files, write files, spawn processes

Attack Scenario:
- Malicious http.get attempts open("/etc/passwd")
- Kernel enforces RPATH check
- PLEDGE VIOLATION → Worker terminated
- Shell survives, continues operation

IMPLEMENTATION
--------------
Files Modified:
- core/rumpk/npl/nipbox/nipbox.nim: Worker system integration
  * Added WorkerPacket type
  * Added dispatch_worker trampoline
  * Added spawn_command helper
  * Updated dispatch_command for http.get
  * Added pledge constants

Documentation:
- docs/dev/PHASE_30_THE_PROXY.md: Architecture and security model

USAGE EXAMPLE
-------------
root@nexus:# http.get http://example.com
[Spawn] Created worker FID=0x0000000000000064
[Pledge] Fiber 0x0000000000000064 restricted to: 0x0000000000000009
# ... HTTP response ...
[Worker] Fiber 0x0000000000000064 terminated

root@nexus:# echo "test" > /tmp/file
# Works! Shell retained WPATH capability

LIMITATIONS
-----------
1. No memory isolation (workers share address space)
2. Cooperative scheduling only
3. Manual command migration required
4. GC-dependent packet cleanup

NEXT: Phase 31 - The Iron Wall (RISC-V PMP for memory isolation)

Build: Validated on RISC-V (rumpk-riscv64.elf)
Status: Production-ready

2026-01-02 14:33:47 +01:00

src

Phase 30: The Proxy Command (NipBox Worker Integration)

2026-01-02 14:33:47 +01:00