Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Linux Mode 2 Seccomp Tutorial

bachi/yuzuhara
December 12, 2013
Technology
1
6.3k

Linux Mode 2 Seccomp Tutorial

The presentation introduces Linux mode 2 secccomp.

bachi/yuzuhara

December 12, 2013
Tweet

More Decks by bachi/yuzuhara

See All by bachi/yuzuhara
セキュリティ・キャンプ2019 Z2. ELFマルウェア検知エンジンの試作 成果報告
yuzuhara
1
780
wrapup_z_2018.pdf
yuzuhara
0
370
セキュリティ・キャンプ2017 集中Zトラック成果報告
yuzuhara
0
1.1k
How to Survey for Research (system/w Security Fields)
yuzuhara
0
290
capsicum(論文輪講)
yuzuhara
0
210

Other Decks in Technology

See All in Technology
BUILD UP for Web3 engineer
aramaki
0
410
CDK使用歴1年の僕が現場でCDK導入するときに得たTips
miura55
0
310
AstroNvim を使おう!
ybrliiu
0
150
Teamsコネクタについて(チーム、チャネル)
miyakemito
2
340
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
4
1.4k
C# と HTTP/2 と gRPC
nenonaninu
0
490
PHP で学ぶ Cache の距離の話 / study_cache_with_php
hanhan1978
3
770
TSN(Time-Sensitive Networking)を環境構築して遊んでみた
iotengineer22
0
600
計測できるレガシーさを捉え、 コード改善に対処する / phperkaigi2023
blue_goheimochi
0
140
ZOZOTOWNの裏側に迫る! Javaで作られたBFFの開発事例を紹介
yutaro527
0
280
Data Lake, Real-time Analytics, or Both? Exploring Presto and ClickHouse
ahana
0
110
Swift 開発が楽になる道具たち
megabitsenmzq
1
300

Featured

See All Featured
Done Done
chrislema
178
15k
Code Reviewing Like a Champion
maltzj
508
38k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
31
20k
Keith and Marios Guide to Fast Websites
keithpitt
407
21k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.7k
It's Worth the Effort
3n
177
26k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.2k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
236
1.1M
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
121
29k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
2
470
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
22
1.7k
Faster Mobile Websites
deanohume
296
29k

Transcript

  1. H25.08.11
    ஧ു ༸ี
    Linux Seccomp Tutorial
    ηΩϡϦςΟΩϟϯϓ2013
    γεςϜιϑτ΢ΣΞθϛิॿࢿྉ
    1
    13೥8݄12೔݄༵೔

    View Slide

  2. Seccompͱ͸
    • ਖ਼ࣜʹ͸Secure computing mode ͱ͍͏ɺϓϩηεͷα
    ϯυϘοΫεԽΛࢧԉ͢ΔΧʔωϧͷ࢓૊Έ
    • ϓϩηε͕ࣗൃతʹγεςϜίʔϧͷൃߦݖݶΛ์غ
    ͢Δ
    • Ͳ͏͍͏ͱ͖ʹ࢖͏ͷ͔ʁ
    • ͜ͷϓϩηε͸͜Ε͔Βո͍͠σʔλΛѻ͍·͢Αɺͱ͍
    ͏ͱ͖ʹઃఆ͢Δ
    • ͦͷޙɺϓϩηε͕ൃߦͰ͖ΔγεςϜίʔϧ͕ஶ੍͘͠
    ݶ͞ΕΔͨΊɺϓϩηε͕৐ͬऔΒΕͯ΋΄ͱΜͲԿ΋Ͱ
    ͖ͳ͘ͳΔ
    2
    13೥8݄12೔݄༵೔

    View Slide

  3. Mode 1 Seccomp
    • Linux kernel 2.6.12͔ΒϚʔδ͞ΕͨɺγεςϜίʔϧͷ
    ϑΟϧλ
    • ϓϩηε͕prctl_set_seccomp()ΛݺͿͱɺ͔ͦ͜ΒҎԼͷγ
    εςϜίʔϧ͔͠ൃߦͰ͖ͳ͘ͳΔ
    • read,() write(), exit(), sigreturn()
    • fork()ͱ͔execve()͕࢖͑ͳ͍→߈ܸ͞Εͨͱ͖ɺ΄ͱΜͲԿ
    ΋ग़དྷͳ͍ʂ
    process
    secure computing mode
    fork()
    read()
    3
    13೥8݄12೔݄༵೔

    View Slide

  4. Mode 2 Seccomp
    • Linux Kernel 3.5͔ΒϚʔδ͞ΕͨɺMode 2 seccompΛஔ
    ͖׵͑Δ࢓૊Έ
    • Mode 1ͱҧ͍ɺ೚ҙͷγεςϜίʔϧΛڐՄ͢Δ͜ͱ
    ͕Ͱ͖Δ
    • Berkley Packet FilterΛϕʔεʹɺߴ଎ʹγεςϜίʔϧ
    ΛϑΟϧλϦϯά͢Δ͜ͱ͕ग़དྷΔ
    • ͜ͷͨΊɺseccomp-bpfͱݺ͹ΕΔ͜ͱ͕ଟ͍
    • ͪͳΈʹFedoraͰ͸syscall filterͱݺͿ
    • seccomp 2ͱ͔seccomp mode 2ͱ͔දه༳Ε͕ଟ͍
    ( ꒪⌓꒪)
    4
    13೥8݄12೔݄༵೔

    View Slide

  5. Berkley Packet Filter(bpf)Λϕʔεʹɾɾɾ
    • bpfͷྺ࢙΍࢓૊Έ͸লུ
    • ಛ௃
    • ύέοτΛޮ཰Α͘ϑΟϧλϦϯά͢ΔͨΊɺϑΟϧλϦ
    ϯάϧʔϧʹಛԽͨ͠ॲཧܥ͕ಈ͍ͯΔʢVMͱ͍͍͍ͬͯ
    Ϩϕϧʣ
    • ڪΔ΂͖͸ɺJITΛαϙʔτ͍ͯ͠ΔʢΧʔωϧ಺Ͱʂʣ
    • ͜ͷͨΊɺ͔ͳΓෳࡶ
    mode 2 seccomp͸͜ͷbpfΛ࢖ͬͯγεςϜί
    ʔϧΛϑΟϧλϦϯά͍ͯ͠ΔͨΊɺbpfͷ஌
    ͕ࣝແ͍ͱ࢖͑ͳ͍
    5
    13೥8݄12೔݄༵೔

    View Slide

  6. Mode 2 seccompͷԠ༻ྫ
    • Google Chromium
    • Ubuntu 12.04͔Βར༻ՄೳʢKernel͸3.2͕ͩɺbackport͞Ε
    ͍ͯΔʣ
    • vsftpd3.0.0͔ΒMode 2 seccompΛ࢖͍ͬͯΔΒ͍͠
    ※ͲͪΒ΋ϓϩηεΛαϯυϘοΫεԽ͢ΔͨΊɺ
    ݩʑ໾ׂ΍ϢʔβʔʹΑͬͯϓϩηε෼ׂ͞Ε͍ͯΔ
    6
    13೥8݄12೔݄༵೔

    View Slide

  7. ϓϩηε෼ׂ
    ʴ
    mode 2 seccomp
    = ࠷ڧʂ
    7
    13೥8݄12೔݄༵೔

    View Slide

  8. Using simple seccomp filters
    • ͔͠͠ɺݱঢ়͸͔ͳΓ࢖͍͜ͳ͢ͷ͕೉͍͠
    • bpfΛ൒͹ڧҾʹୟ͍͍ͯΔͨΊ
    • ґଘؔ܎͕ෳࡶɺݩʑbpf͸͜Μͳ༻్૝ఆͯ͠ͳ͍
    • ԼهURLΛࢀরɻʢશવsimple͡Όͳ͍ɾɾʣ
    http://outflux.net/teach-seccomp/
    8
    13೥8݄12೔݄༵೔

    View Slide

  9. libseccomp Tutorial
    9
    13೥8݄12೔݄༵೔

    View Slide

  10. αϯυϘοΫεԽͷ४උ
    • ո͍͠σʔλ΍εΫϦϓτΛ”࣮ߦ”ͨ͠Γ”ղऍ”͢Δ
    ෦෼͕Ұ൪੬ऑ
    • σʔλΛόΠτྻͱͯ͠ಡΈऔΔ͚ͩͳΒͦΜͳʹةݥ͡
    Όͳ͍
    • ͜ͷ෦෼Λ্ख͘αϯυϘοΫεԽ͢ΔΑ͏ʹϓϩάϥϜ
    Λઃܭ
    10
    13೥8݄12೔݄༵೔

    View Slide

  11. Main mission: Securing mruby
    • mrubyΛηΩϡΞʹ࣮ߦͰ͖ΔϑϨʔϜϫʔΫΛ࡞ͬͯ
    ΈΑ͏
    • ͜ͷϑϨʔϜϫʔΫΛ࢖ͬͯɺ”۠ըԽ”ͨ͠΄͏͕ྑ͞
    ͦ͏ͳΦϦδφϧΞϓϦέʔγϣϯΛઃܭɺ࣮૷͠Α͏
    Master process
    mruby
    process
    IPC
    Sandboxing by Mode 2
    seccomp
    mruby code(string)
    result(char[])
    11
    13೥8݄12೔݄༵೔

    View Slide

  12. ϓϩηε෼ׂ
    • σʔλͷ΍ΓऔΓ͸pipeΛ࢖͏
    • mruby࣮ߦ෦෼Λfork()͢Δ
    • ͜ΕͰͻͱ·ͣɺmruby͕๫૸ͯ͠΋େৎ෉✌('ω'✌ )ࡾ
    ✌('ω')✌ࡾ( ✌'ω')✌
    • ࢠϓϩηε͕๫૸ͨ͠Γམͪͯ΋ɺ਌͸ੜ͖࢒Δ
    12
    13೥8݄12೔݄༵೔

    View Slide

  13. αϯυϘοΫεԽ
    • fork() ͨ͠ޙʹɺࣗ෼ࣗ਎ΛαϯυϘοΫεԽ͢Δ
    • seccomp_init(SCMP_ACT_KILL);ͰॳظԽ
    • seccomp_rule_add();ͰڐՄ͢ΔγεςϜίʔϧΛࢦఆ͍ͯ͠
    ͘
    • seccomp_load();Ͱ४උ׬ྃ
    • seccomp_release();ͰෆཁͳݖݶΛશ෦ख์͢→αϯυϘο
    ΫεԽʂ
    13
    13೥8݄12೔݄༵೔

    View Slide

  14. sample
    • seccamp2013_sandbox/samples/libseccomp_base.c
    • γεςϜίʔϧ͕ݺ΂ͳ͘ͳΔྫ
    • seccamp2013_sandbox/ samples/
    libseccomp_sample.c
    • ͍͔ͭ͘ͷγεςϜίʔϧΛڐՄͨ͠ྫ
    • read, write͸file descriptorΛࢦఆͯ͠ڐՄ͢Δ
    ͜ͱ΋Մೳ
    14
    13೥8݄12೔݄༵೔

    View Slide

  15. ͓ΘΓ
    • αϯυϘοΫεপʹΑ͏ͦ͜ʂ
    15
    13೥8݄12೔݄༵೔

    View Slide