
Linux Mode 2 Seccomp Tutorial

bachi/yuzuhara
December 12, 2013


This presentation introduces Linux mode 2 seccomp.


Transcript

  1. H25.08.11
    Yosuke Chubachi (忠鉢 洋輔)
    Linux Seccomp Tutorial
    Security Camp 2013
    Supplementary material for the System Software seminar
    Monday, August 12, 2013

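  2. What is Seccomp?
    • Formally called Secure computing mode, a kernel mechanism that supports sandboxing of processes
    • A process voluntarily gives up its privilege to issue system calls
    • When do you use it?
    • You set it when the process is about to handle suspicious data
    • After that, the system calls the process can issue are severely restricted, so even if the process is hijacked it can do almost nothing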

  3. Mode 1 Seccomp
    • A system call filter, merged as of Linux kernel 2.6.12
    • Once a process calls prctl_set_seccomp(), from then on it can issue only the following system calls
    • read(), write(), exit(), sigreturn()
    • fork(), execve() and the like cannot be used → when the process is attacked, almost nothing can be done!
    [Figure: a process in secure computing mode, labelled with fork() and read()]

  4. Mode 2 Seccomp
    • A mechanism, merged as of Linux Kernel 3.5, that replaces Mode 2 seccomp
    • Unlike Mode 1, arbitrary system calls can be allowed
    • Based on the Berkeley Packet Filter, it can filter system calls at high speed
    • For this reason it is often called seccomp-bpf
    • Incidentally, Fedora calls it syscall filter
    • The name is written inconsistently: seccomp 2, seccomp mode 2, and so on ( ꒪⌓꒪)

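  5. Based on the Berkeley Packet Filter (bpf)...
    • The history and internals of bpf are omitted here
    • Characteristics
    • To filter packets efficiently, it runs an execution engine specialized for filtering rules (at a level you could call a VM)
    • Remarkably, it supports JIT (inside the kernel!)
    • As a result, it is quite complex
    Because mode 2 seccomp uses this bpf to filter system calls, you cannot use it without knowledge of bpf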

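  6. Applications of Mode 2 seccomp
    • Google Chromium
    • Available from Ubuntu 12.04 (the kernel is 3.2, but the feature has been backported)
    • vsftpd reportedly uses Mode 2 seccomp as of 3.0.0
    Note: in both cases the program was already split into processes by role or by user in order to sandbox those processes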

  7. Process separation + mode 2 seccomp = the strongest!

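  8. Using simple seccomp filters
    • However, at present it is quite difficult to use well
    • Because it drives bpf in a somewhat forced way
    • The dependencies are complex, and bpf was never designed for this use
    • See the URL below. (It is not simple at all...)
    http://outflux.net/teach-seccomp/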

  9. libseccomp Tutorial

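  10. Preparing for sandboxing
    • The part that "executes" or "interprets" suspicious data or scripts is the most vulnerable
    • Merely reading data as a byte sequence is not that dangerous
    • Design the program so that this part can be sandboxed cleanly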

  11. Main mission: Securing mruby
    • Let's build a framework that can run mruby securely
    • Using this framework, design and implement an original application that would benefit from "compartmentalization"
    [Diagram labels: Master process, mruby process, IPC, Sandboxing by Mode 2 seccomp, mruby code (string), result (char[])]

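  12. Process separation
    • Use a pipe to exchange data
    • fork() the part that runs mruby
    • With this, for the time being, it is fine even if mruby runs out of control ✌('ω'✌ )三✌('ω')✌三( ✌'ω')✌
    • Even if the child process runs out of control or crashes, the parent survives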

  13. Sandboxing
    • After fork(), the process sandboxes itself
    • Initialize with seccomp_init(SCMP_ACT_KILL);
    • Specify the system calls to allow, one by one, with seccomp_rule_add();
    • seccomp_load(); completes the preparation
    • seccomp_release(); gives up all unneeded privileges → sandboxed!

  14. sample
    • seccamp2013_sandbox/samples/libseccomp_base.c
    • An example in which system calls can no longer be called
    • seccamp2013_sandbox/samples/libseccomp_sample.c
    • An example that allows a few system calls
    • read and write can also be allowed for a specified file descriptor

  15. The End
    • Welcome to the sandbox swamp!
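
The flow from slides 12 to 14 (fork a worker, have it sandbox itself, allow write only on one file descriptor), as an added example that is not taken from the deck or from the seccamp2013_sandbox samples. It installs a raw seccomp-bpf filter with prctl() instead of going through libseccomp, so it builds without the library. The function names sandbox_self and run_worker are hypothetical, and the filter leaves out the seccomp_data.arch check that a production filter needs.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define LOAD(field) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
#define IF_EQ(k, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), 0, (jf)) /* no match: skip jf */
#define RET(action) BPF_STMT(BPF_RET | BPF_K, (action))

/* Child side. Default action is KILL; only exit_group() and write(out_fd, ...) pass. */
int sandbox_self(int out_fd) {
    struct sock_filter f[] = {
        LOAD(nr),                                   /* syscall number */
        IF_EQ(__NR_exit_group, 1), RET(SECCOMP_RET_ALLOW),
        IF_EQ(__NR_write, 3),                       /* not write: go to KILL */
        LOAD(args[0]),                              /* fd, low 32 bits (little-endian) */
        IF_EQ((unsigned)out_fd, 1), RET(SECCOMP_RET_ALLOW),
        RET(SECCOMP_RET_KILL),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog); /* filter is live from here */
}

/* Parent side. Returns the child's exit status (0 = clean) or SIGSYS if the filter killed it. */
int run_worker(int misbehave, char *buf, size_t len) {
    int p[2], status;
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                 /* worker, e.g. the interpreter */
        close(p[0]);
        if (sandbox_self(p[1]) != 0) _exit(2);
        if (misbehave) syscall(__NR_getpid);        /* not on the allow list */
        if (write(p[1], "ok", 2) != 2) _exit(1);
        _exit(0);
    }
    close(p[1]);
    ssize_t n = read(p[0], buf, len - 1);           /* result, or EOF if the child died */
    buf[n > 0 ? n : 0] = '\0';
    close(p[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : WEXITSTATUS(status);
}
```

The default-KILL return plays the role of seccomp_init(SCMP_ACT_KILL), each allow branch the role of one seccomp_rule_add(), and the final prctl() the role of seccomp_load().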