Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Linux Mode 2 Seccomp Tutorial

Avatar for bachi/yuzuhara bachi/yuzuhara
December 12, 2013
Technology
1
7.1k

Linux Mode 2 Seccomp Tutorial

The presentation introduces Linux mode 2 secccomp.

Avatar for bachi/yuzuhara

bachi/yuzuhara

December 12, 2013
Tweet

More Decks by bachi/yuzuhara

See All by bachi/yuzuhara
セキュリティ・キャンプ2019 Z2. ELFマルウェア検知エンジンの試作 成果報告
Avatar for bachi/yuzuhara yuzuhara
1
880
wrapup_z_2018.pdf
Avatar for bachi/yuzuhara yuzuhara
0
400
セキュリティ・キャンプ2017 集中Zトラック成果報告
Avatar for bachi/yuzuhara yuzuhara
0
1.4k
How to Survey for Research (system/w Security Fields)
Avatar for bachi/yuzuhara yuzuhara
0
380
capsicum(論文輪講)
Avatar for bachi/yuzuhara yuzuhara
0
440

Other Decks in Technology

See All in Technology
プロンプトエンジニアリングを超えて:自由と統制のあいだでつくる Platform × Context Engineering
Avatar for yuriemori yuriemori
0
390
技術選定、下から見るか?横から見るか?
Avatar for モブエンジニア(Masaki Okuda) masakiokuda
0
190
Introduction to Sansan Meishi Maker Development Engineer
Avatar for Sansan, Inc. sansan33
PRO
0
330
小さく、早く、可能性を多産する。生成AIプロジェクト / prAIrie-dog
Avatar for Visional Engineering & Design visional_engineering_and_design
0
390
Oracle Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
3
310
BidiAgent と Nova 2 Sonic から​考える音声 AI について
Avatar for Yuuki Yamashita yama3133
2
150
AIエージェントを5分で一気におさらい! AIエージェント「構築」元年に備えよう
Avatar for やくも yakumo
1
150
わが10年の叡智をぶつけたカオスなクラウドインフラが、なくなるということ。
Avatar for Hisashi SOGA sogaoh
PRO
1
390
First-Principles-of-Scrum
Avatar for Kenji Hiranabe hiranabe
3
1.7k
Oracle Cloud Infrastructure:2025年12月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
0
250
Everything As Code
Avatar for わいわい yosuke_ai
0
500
次世代AIコーディング:OpenAI Codex の最新動向 進行スライド/nikkei-tech-talk-40
Avatar for 日本経済新聞社 エンジニア採用事務局 nikkei_engineer_recruiting
0
120

Featured

See All Featured
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
Avatar for David Carrasco davidcarrasco
1
34
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
74
5k
First, design no harm
Avatar for Per Axbom axbom
PRO
2
1.1k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.5k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
590
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
302
51k
How to Align SEO within the Product Triangle To Get 
Buy-In & Support - #RIMC
Avatar for Aleyda Solis aleyda
1
1.4k
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
6.9k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
37
6.2k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
76
Music & Morning Musume
Avatar for Bryan Veloso bryan
46
7k

Transcript

  1. H25.08.11 ஧ു ༸ี Linux Seccomp Tutorial ηΩϡϦςΟΩϟϯϓ2013 γεςϜιϑτ΢ΣΞθϛิॿࢿྉ 1 13೥8݄12೔݄༵೔

  2. Seccompͱ͸ • ਖ਼ࣜʹ͸Secure computing mode ͱ͍͏ɺϓϩηεͷα ϯυϘοΫεԽΛࢧԉ͢ΔΧʔωϧͷ࢓૊Έ • ϓϩηε͕ࣗൃతʹγεςϜίʔϧͷൃߦݖݶΛ์غ ͢Δ

    • Ͳ͏͍͏ͱ͖ʹ࢖͏ͷ͔ʁ • ͜ͷϓϩηε͸͜Ε͔Βո͍͠σʔλΛѻ͍·͢Αɺͱ͍ ͏ͱ͖ʹઃఆ͢Δ • ͦͷޙɺϓϩηε͕ൃߦͰ͖ΔγεςϜίʔϧ͕ஶ੍͘͠ ݶ͞ΕΔͨΊɺϓϩηε͕৐ͬऔΒΕͯ΋΄ͱΜͲԿ΋Ͱ ͖ͳ͘ͳΔ 2 13೥8݄12೔݄༵೔

  3. Mode 1 Seccomp • Linux kernel 2.6.12͔ΒϚʔδ͞ΕͨɺγεςϜίʔϧͷ ϑΟϧλ • ϓϩηε͕prctl_set_seccomp()ΛݺͿͱɺ͔ͦ͜ΒҎԼͷγ

    εςϜίʔϧ͔͠ൃߦͰ͖ͳ͘ͳΔ • read,() write(), exit(), sigreturn() • fork()ͱ͔execve()͕࢖͑ͳ͍→߈ܸ͞Εͨͱ͖ɺ΄ͱΜͲԿ ΋ग़དྷͳ͍ʂ process secure computing mode fork() read() 3 13೥8݄12೔݄༵೔

  4. Mode 2 Seccomp • Linux Kernel 3.5͔ΒϚʔδ͞ΕͨɺMode 2 seccompΛஔ ͖׵͑Δ࢓૊Έ

    • Mode 1ͱҧ͍ɺ೚ҙͷγεςϜίʔϧΛڐՄ͢Δ͜ͱ ͕Ͱ͖Δ • Berkley Packet FilterΛϕʔεʹɺߴ଎ʹγεςϜίʔϧ ΛϑΟϧλϦϯά͢Δ͜ͱ͕ग़དྷΔ • ͜ͷͨΊɺseccomp-bpfͱݺ͹ΕΔ͜ͱ͕ଟ͍ • ͪͳΈʹFedoraͰ͸syscall filterͱݺͿ • seccomp 2ͱ͔seccomp mode 2ͱ͔දه༳Ε͕ଟ͍ ( ꒪⌓꒪) 4 13೥8݄12೔݄༵೔

  5. Berkley Packet Filter(bpf)Λϕʔεʹɾɾɾ • bpfͷྺ࢙΍࢓૊Έ͸লུ • ಛ௃ • ύέοτΛޮ཰Α͘ϑΟϧλϦϯά͢ΔͨΊɺϑΟϧλϦ ϯάϧʔϧʹಛԽͨ͠ॲཧܥ͕ಈ͍ͯΔʢVMͱ͍͍͍ͬͯ

    Ϩϕϧʣ • ڪΔ΂͖͸ɺJITΛαϙʔτ͍ͯ͠ΔʢΧʔωϧ಺Ͱʂʣ • ͜ͷͨΊɺ͔ͳΓෳࡶ mode 2 seccomp͸͜ͷbpfΛ࢖ͬͯγεςϜί ʔϧΛϑΟϧλϦϯά͍ͯ͠ΔͨΊɺbpfͷ஌ ͕ࣝແ͍ͱ࢖͑ͳ͍ 5 13೥8݄12೔݄༵೔

  6. Mode 2 seccompͷԠ༻ྫ • Google Chromium • Ubuntu 12.04͔Βར༻ՄೳʢKernel͸3.2͕ͩɺbackport͞Ε ͍ͯΔʣ

    • vsftpd3.0.0͔ΒMode 2 seccompΛ࢖͍ͬͯΔΒ͍͠ ※ͲͪΒ΋ϓϩηεΛαϯυϘοΫεԽ͢ΔͨΊɺ ݩʑ໾ׂ΍ϢʔβʔʹΑͬͯϓϩηε෼ׂ͞Ε͍ͯΔ 6 13೥8݄12೔݄༵೔

  7. ϓϩηε෼ׂ ʴ mode 2 seccomp = ࠷ڧʂ 7 13೥8݄12೔݄༵೔

  8. Using simple seccomp filters • ͔͠͠ɺݱঢ়͸͔ͳΓ࢖͍͜ͳ͢ͷ͕೉͍͠ • bpfΛ൒͹ڧҾʹୟ͍͍ͯΔͨΊ • ґଘؔ܎͕ෳࡶɺݩʑbpf͸͜Μͳ༻్૝ఆͯ͠ͳ͍

    • ԼهURLΛࢀরɻʢશવsimple͡Όͳ͍ɾɾʣ http://outflux.net/teach-seccomp/ 8 13೥8݄12೔݄༵೔

  9. libseccomp Tutorial 9 13೥8݄12೔݄༵೔

  10. αϯυϘοΫεԽͷ४උ • ո͍͠σʔλ΍εΫϦϓτΛ”࣮ߦ”ͨ͠Γ”ղऍ”͢Δ ෦෼͕Ұ൪੬ऑ • σʔλΛόΠτྻͱͯ͠ಡΈऔΔ͚ͩͳΒͦΜͳʹةݥ͡ Όͳ͍ • ͜ͷ෦෼Λ্ख͘αϯυϘοΫεԽ͢ΔΑ͏ʹϓϩάϥϜ Λઃܭ

    10 13೥8݄12೔݄༵೔

  11. Main mission: Securing mruby • mrubyΛηΩϡΞʹ࣮ߦͰ͖ΔϑϨʔϜϫʔΫΛ࡞ͬͯ ΈΑ͏ • ͜ͷϑϨʔϜϫʔΫΛ࢖ͬͯɺ”۠ըԽ”ͨ͠΄͏͕ྑ͞ ͦ͏ͳΦϦδφϧΞϓϦέʔγϣϯΛઃܭɺ࣮૷͠Α͏

    Master process mruby process IPC Sandboxing by Mode 2 seccomp mruby code(string) result(char[]) 11 13೥8݄12೔݄༵೔

  12. ϓϩηε෼ׂ • σʔλͷ΍ΓऔΓ͸pipeΛ࢖͏ • mruby࣮ߦ෦෼Λfork()͢Δ • ͜ΕͰͻͱ·ͣɺmruby͕๫૸ͯ͠΋େৎ෉✌('ω'✌ )ࡾ ✌('ω')✌ࡾ( ✌'ω')✌

    • ࢠϓϩηε͕๫૸ͨ͠Γམͪͯ΋ɺ਌͸ੜ͖࢒Δ 12 13೥8݄12೔݄༵೔

  13. αϯυϘοΫεԽ • fork() ͨ͠ޙʹɺࣗ෼ࣗ਎ΛαϯυϘοΫεԽ͢Δ • seccomp_init(SCMP_ACT_KILL);ͰॳظԽ • seccomp_rule_add();ͰڐՄ͢ΔγεςϜίʔϧΛࢦఆ͍ͯ͠ ͘ •

    seccomp_load();Ͱ४උ׬ྃ • seccomp_release();ͰෆཁͳݖݶΛશ෦ख์͢→αϯυϘο ΫεԽʂ 13 13೥8݄12೔݄༵೔

  14. sample • seccamp2013_sandbox/samples/libseccomp_base.c • γεςϜίʔϧ͕ݺ΂ͳ͘ͳΔྫ • seccamp2013_sandbox/ samples/ libseccomp_sample.c •

    ͍͔ͭ͘ͷγεςϜίʔϧΛڐՄͨ͠ྫ • read, write͸file descriptorΛࢦఆͯ͠ڐՄ͢Δ ͜ͱ΋Մೳ 14 13೥8݄12೔݄༵೔

  15. ͓ΘΓ • αϯυϘοΫεপʹΑ͏ͦ͜ʂ 15 13೥8݄12೔݄༵೔