Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Linux Mode 2 Seccomp Tutorial
Search
bachi/yuzuhara
December 12, 2013
Technology
1
7k
Linux Mode 2 Seccomp Tutorial
The presentation introduces Linux mode 2 secccomp.
bachi/yuzuhara
December 12, 2013
Tweet
Share
More Decks by bachi/yuzuhara
See All by bachi/yuzuhara
セキュリティ・キャンプ2019 Z2. ELFマルウェア検知エンジンの試作 成果報告
yuzuhara
1
870
wrapup_z_2018.pdf
yuzuhara
0
390
セキュリティ・キャンプ2017 集中Zトラック成果報告
yuzuhara
0
1.4k
How to Survey for Research (system/w Security Fields)
yuzuhara
0
370
capsicum(論文輪講)
yuzuhara
0
410
Other Decks in Technology
See All in Technology
OPENLOGI Company Profile for engineer
hr01
1
34k
CRE Camp #1 エンジニアリングを民主化するCREチームでありたい話
mntsq
1
130
SEQUENCE object comparison - db tech showcase 2025 LT2
nori_shinoda
0
140
KubeCon + CloudNativeCon Japan 2025 Recap by CA
ponkio_o
PRO
0
300
高速なプロダクト開発を実現、創業期から掲げるエンタープライズアーキテクチャ
kawauso
2
9.4k
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
27k
united airlines ™®️ USA Contact Numbers: Complete 2025 Support Guide
flyunitedhelp
1
340
React開発にStorybookとCopilotを導入して、爆速でUIを編集・確認する方法
yu_kod
1
280
第4回Snowflake 金融ユーザー会 Snowflake summit recap
tamaoki
1
280
面倒な作業はAIにおまかせ。Flutter開発をスマートに効率化
ruideengineer
0
260
ビズリーチが挑む メトリクスを活用した技術的負債の解消 / dev-productivity-con2025
visional_engineering_and_design
3
7.7k
fukabori.fm 出張版: 売上高617億円と高稼働率を陰で支えた社内ツール開発のあれこれ話 / 20250704 Yoshimasa Iwase & Tomoo Morikawa
shift_evolve
PRO
2
7.8k
Featured
See All Featured
Building an army of robots
kneath
306
45k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.4k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
107
19k
Become a Pro
speakerdeck
PRO
29
5.4k
Statistics for Hackers
jakevdp
799
220k
Code Reviewing Like a Champion
maltzj
524
40k
Testing 201, or: Great Expectations
jmmastey
43
7.6k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
GraphQLとの向き合い方2022年版
quramy
49
14k
The Cult of Friendly URLs
andyhume
79
6.5k
Rebuilding a faster, lazier Slack
samanthasiow
82
9.1k
What's in a price? How to price your products and services
michaelherold
246
12k
Transcript
H25.08.11 ു ༸ี Linux Seccomp Tutorial ηΩϡϦςΟΩϟϯϓ2013 γεςϜιϑτΣΞθϛิॿࢿྉ 1 138݄12݄༵
Seccompͱ • ਖ਼ࣜʹSecure computing mode ͱ͍͏ɺϓϩηεͷα ϯυϘοΫεԽΛࢧԉ͢ΔΧʔωϧͷΈ • ϓϩηε͕ࣗൃతʹγεςϜίʔϧͷൃߦݖݶΛ์غ ͢Δ
• Ͳ͏͍͏ͱ͖ʹ͏ͷ͔ʁ • ͜ͷϓϩηε͜Ε͔Βո͍͠σʔλΛѻ͍·͢Αɺͱ͍ ͏ͱ͖ʹઃఆ͢Δ • ͦͷޙɺϓϩηε͕ൃߦͰ͖ΔγεςϜίʔϧ͕ஶ੍͘͠ ݶ͞ΕΔͨΊɺϓϩηε͕ͬऔΒΕͯ΄ͱΜͲԿͰ ͖ͳ͘ͳΔ 2 138݄12݄༵
Mode 1 Seccomp • Linux kernel 2.6.12͔ΒϚʔδ͞ΕͨɺγεςϜίʔϧͷ ϑΟϧλ • ϓϩηε͕prctl_set_seccomp()ΛݺͿͱɺ͔ͦ͜ΒҎԼͷγ
εςϜίʔϧ͔͠ൃߦͰ͖ͳ͘ͳΔ • read,() write(), exit(), sigreturn() • fork()ͱ͔execve()͕͑ͳ͍→߈ܸ͞Εͨͱ͖ɺ΄ͱΜͲԿ ग़དྷͳ͍ʂ process secure computing mode fork() read() 3 138݄12݄༵
Mode 2 Seccomp • Linux Kernel 3.5͔ΒϚʔδ͞ΕͨɺMode 2 seccompΛஔ ͖͑ΔΈ
• Mode 1ͱҧ͍ɺҙͷγεςϜίʔϧΛڐՄ͢Δ͜ͱ ͕Ͱ͖Δ • Berkley Packet FilterΛϕʔεʹɺߴʹγεςϜίʔϧ ΛϑΟϧλϦϯά͢Δ͜ͱ͕ग़དྷΔ • ͜ͷͨΊɺseccomp-bpfͱݺΕΔ͜ͱ͕ଟ͍ • ͪͳΈʹFedoraͰsyscall filterͱݺͿ • seccomp 2ͱ͔seccomp mode 2ͱ͔දه༳Ε͕ଟ͍ ( ꒪⌓꒪) 4 138݄12݄༵
Berkley Packet Filter(bpf)Λϕʔεʹɾɾɾ • bpfͷྺ࢙Έলུ • ಛ • ύέοτΛޮΑ͘ϑΟϧλϦϯά͢ΔͨΊɺϑΟϧλϦ ϯάϧʔϧʹಛԽͨ͠ॲཧܥ͕ಈ͍ͯΔʢVMͱ͍͍͍ͬͯ
Ϩϕϧʣ • ڪΔ͖ɺJITΛαϙʔτ͍ͯ͠ΔʢΧʔωϧͰʂʣ • ͜ͷͨΊɺ͔ͳΓෳࡶ mode 2 seccomp͜ͷbpfΛͬͯγεςϜί ʔϧΛϑΟϧλϦϯά͍ͯ͠ΔͨΊɺbpfͷ ͕ࣝແ͍ͱ͑ͳ͍ 5 138݄12݄༵
Mode 2 seccompͷԠ༻ྫ • Google Chromium • Ubuntu 12.04͔Βར༻ՄೳʢKernel3.2͕ͩɺbackport͞Ε ͍ͯΔʣ
• vsftpd3.0.0͔ΒMode 2 seccompΛ͍ͬͯΔΒ͍͠ ※ͲͪΒϓϩηεΛαϯυϘοΫεԽ͢ΔͨΊɺ ݩʑׂϢʔβʔʹΑͬͯϓϩηεׂ͞Ε͍ͯΔ 6 138݄12݄༵
ϓϩηεׂ ʴ mode 2 seccomp = ࠷ڧʂ 7 138݄12݄༵
Using simple seccomp filters • ͔͠͠ɺݱঢ়͔ͳΓ͍͜ͳ͢ͷ͕͍͠ • bpfΛڧҾʹୟ͍͍ͯΔͨΊ • ґଘ͕ؔෳࡶɺݩʑbpf͜Μͳ༻్ఆͯ͠ͳ͍
• ԼهURLΛࢀরɻʢશવsimple͡Όͳ͍ɾɾʣ http://outflux.net/teach-seccomp/ 8 138݄12݄༵
libseccomp Tutorial 9 138݄12݄༵
αϯυϘοΫεԽͷ४උ • ո͍͠σʔλεΫϦϓτΛ”࣮ߦ”ͨ͠Γ”ղऍ”͢Δ ෦͕Ұ൪੬ऑ • σʔλΛόΠτྻͱͯ͠ಡΈऔΔ͚ͩͳΒͦΜͳʹةݥ͡ Όͳ͍ • ͜ͷ෦Λ্ख͘αϯυϘοΫεԽ͢ΔΑ͏ʹϓϩάϥϜ Λઃܭ
10 138݄12݄༵
Main mission: Securing mruby • mrubyΛηΩϡΞʹ࣮ߦͰ͖ΔϑϨʔϜϫʔΫΛ࡞ͬͯ ΈΑ͏ • ͜ͷϑϨʔϜϫʔΫΛͬͯɺ”۠ըԽ”ͨ͠΄͏͕ྑ͞ ͦ͏ͳΦϦδφϧΞϓϦέʔγϣϯΛઃܭɺ࣮͠Α͏
Master process mruby process IPC Sandboxing by Mode 2 seccomp mruby code(string) result(char[]) 11 138݄12݄༵
ϓϩηεׂ • σʔλͷΓऔΓpipeΛ͏ • mruby࣮ߦ෦Λfork()͢Δ • ͜ΕͰͻͱ·ͣɺmruby͕ͯ͠େৎ✌('ω'✌ )ࡾ ✌('ω')✌ࡾ( ✌'ω')✌
• ࢠϓϩηε͕ͨ͠Γམͪͯɺੜ͖Δ 12 138݄12݄༵
αϯυϘοΫεԽ • fork() ͨ͠ޙʹɺࣗࣗΛαϯυϘοΫεԽ͢Δ • seccomp_init(SCMP_ACT_KILL);ͰॳظԽ • seccomp_rule_add();ͰڐՄ͢ΔγεςϜίʔϧΛࢦఆ͍ͯ͠ ͘ •
seccomp_load();Ͱ४උྃ • seccomp_release();ͰෆཁͳݖݶΛશ෦ख์͢→αϯυϘο ΫεԽʂ 13 138݄12݄༵
sample • seccamp2013_sandbox/samples/libseccomp_base.c • γεςϜίʔϧ͕ݺͳ͘ͳΔྫ • seccamp2013_sandbox/ samples/ libseccomp_sample.c •
͍͔ͭ͘ͷγεςϜίʔϧΛڐՄͨ͠ྫ • read, writefile descriptorΛࢦఆͯ͠ڐՄ͢Δ ͜ͱՄೳ 14 138݄12݄༵
͓ΘΓ • αϯυϘοΫεপʹΑ͏ͦ͜ʂ 15 138݄12݄༵