Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Linux Mode 2 Seccomp Tutorial

bachi/yuzuhara
December 12, 2013
Technology
1
6.6k

Linux Mode 2 Seccomp Tutorial

The presentation introduces Linux mode 2 secccomp.

bachi/yuzuhara

December 12, 2013
Tweet

More Decks by bachi/yuzuhara

See All by bachi/yuzuhara
セキュリティ・キャンプ2019 Z2. ELFマルウェア検知エンジンの試作 成果報告
yuzuhara
1
820
wrapup_z_2018.pdf
yuzuhara
0
370
セキュリティ・キャンプ2017 集中Zトラック成果報告
yuzuhara
0
1.2k
How to Survey for Research (system/w Security Fields)
yuzuhara
0
320
capsicum(論文輪講)
yuzuhara
0
300

Other Decks in Technology

See All in Technology
Handling focus in 2024
tahia910
0
610
One engineer company with Ruby on Rails
rstankov
2
460
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
2.2k
M5と自作基板をくっつけてみた〜M5 Japan Tour 2024 Spring 福冈 (Fukuoka|福岡)〜
keropiyo
1
250
IaCからAWSに入門した初心者が CloudFormationを通して考えた「AWS操作」の使い分け
maimyyym
3
620
Rustで「プリズモイダル法」を利用して「土量計算」をガチでやる
nokonoko1203
1
350
Amplify 🩷 Bedrock 〜生成AI入門〜
minorun365
PRO
10
1.1k
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
120
個人的、Kubernetes の最新注目機能! (2024年5月版) / TechFeed Experts Night#28 〜 コンテナ技術最前線
pfn
PRO
1
130
令和最新版 Ruby プロファイラ "Pf2" のご紹介
osyoyu
0
170
How to do well in consulting–Balkan Ruby 2024
irinanazarova
0
180
【基本】データベース設計
oracle4engineer
PRO
2
270

Featured

See All Featured
Designing for humans not robots
tammielis
247
25k
Designing Experiences People Love
moore
136
23k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
Building Adaptive Systems
keathley
32
1.9k
Being A Developer After 40
akosma
67
580k
Building Flexible Design Systems
yeseniaperezcruz
320
37k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
9
1.3k
The Art of Programming - Codeland 2020
erikaheidi
43
12k
Practical Orchestrator
shlominoach
183
9.7k
How GitHub (no longer) Works
holman
305
140k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
Mobile First: as difficult as doing things right
swwweet
217
8.6k

Transcript

  1. H25.08.11 ஧ു ༸ี Linux Seccomp Tutorial ηΩϡϦςΟΩϟϯϓ2013 γεςϜιϑτ΢ΣΞθϛิॿࢿྉ 1 13೥8݄12೔݄༵೔

  2. Seccompͱ͸ • ਖ਼ࣜʹ͸Secure computing mode ͱ͍͏ɺϓϩηεͷα ϯυϘοΫεԽΛࢧԉ͢ΔΧʔωϧͷ࢓૊Έ • ϓϩηε͕ࣗൃతʹγεςϜίʔϧͷൃߦݖݶΛ์غ ͢Δ

    • Ͳ͏͍͏ͱ͖ʹ࢖͏ͷ͔ʁ • ͜ͷϓϩηε͸͜Ε͔Βո͍͠σʔλΛѻ͍·͢Αɺͱ͍ ͏ͱ͖ʹઃఆ͢Δ • ͦͷޙɺϓϩηε͕ൃߦͰ͖ΔγεςϜίʔϧ͕ஶ੍͘͠ ݶ͞ΕΔͨΊɺϓϩηε͕৐ͬऔΒΕͯ΋΄ͱΜͲԿ΋Ͱ ͖ͳ͘ͳΔ 2 13೥8݄12೔݄༵೔

  3. Mode 1 Seccomp • Linux kernel 2.6.12͔ΒϚʔδ͞ΕͨɺγεςϜίʔϧͷ ϑΟϧλ • ϓϩηε͕prctl_set_seccomp()ΛݺͿͱɺ͔ͦ͜ΒҎԼͷγ

    εςϜίʔϧ͔͠ൃߦͰ͖ͳ͘ͳΔ • read,() write(), exit(), sigreturn() • fork()ͱ͔execve()͕࢖͑ͳ͍→߈ܸ͞Εͨͱ͖ɺ΄ͱΜͲԿ ΋ग़དྷͳ͍ʂ process secure computing mode fork() read() 3 13೥8݄12೔݄༵೔

  4. Mode 2 Seccomp • Linux Kernel 3.5͔ΒϚʔδ͞ΕͨɺMode 2 seccompΛஔ ͖׵͑Δ࢓૊Έ

    • Mode 1ͱҧ͍ɺ೚ҙͷγεςϜίʔϧΛڐՄ͢Δ͜ͱ ͕Ͱ͖Δ • Berkley Packet FilterΛϕʔεʹɺߴ଎ʹγεςϜίʔϧ ΛϑΟϧλϦϯά͢Δ͜ͱ͕ग़དྷΔ • ͜ͷͨΊɺseccomp-bpfͱݺ͹ΕΔ͜ͱ͕ଟ͍ • ͪͳΈʹFedoraͰ͸syscall filterͱݺͿ • seccomp 2ͱ͔seccomp mode 2ͱ͔දه༳Ε͕ଟ͍ ( ꒪⌓꒪) 4 13೥8݄12೔݄༵೔

  5. Berkley Packet Filter(bpf)Λϕʔεʹɾɾɾ • bpfͷྺ࢙΍࢓૊Έ͸লུ • ಛ௃ • ύέοτΛޮ཰Α͘ϑΟϧλϦϯά͢ΔͨΊɺϑΟϧλϦ ϯάϧʔϧʹಛԽͨ͠ॲཧܥ͕ಈ͍ͯΔʢVMͱ͍͍͍ͬͯ

    Ϩϕϧʣ • ڪΔ΂͖͸ɺJITΛαϙʔτ͍ͯ͠ΔʢΧʔωϧ಺Ͱʂʣ • ͜ͷͨΊɺ͔ͳΓෳࡶ mode 2 seccomp͸͜ͷbpfΛ࢖ͬͯγεςϜί ʔϧΛϑΟϧλϦϯά͍ͯ͠ΔͨΊɺbpfͷ஌ ͕ࣝແ͍ͱ࢖͑ͳ͍ 5 13೥8݄12೔݄༵೔

  6. Mode 2 seccompͷԠ༻ྫ • Google Chromium • Ubuntu 12.04͔Βར༻ՄೳʢKernel͸3.2͕ͩɺbackport͞Ε ͍ͯΔʣ

    • vsftpd3.0.0͔ΒMode 2 seccompΛ࢖͍ͬͯΔΒ͍͠ ※ͲͪΒ΋ϓϩηεΛαϯυϘοΫεԽ͢ΔͨΊɺ ݩʑ໾ׂ΍ϢʔβʔʹΑͬͯϓϩηε෼ׂ͞Ε͍ͯΔ 6 13೥8݄12೔݄༵೔

  7. ϓϩηε෼ׂ ʴ mode 2 seccomp = ࠷ڧʂ 7 13೥8݄12೔݄༵೔

  8. Using simple seccomp filters • ͔͠͠ɺݱঢ়͸͔ͳΓ࢖͍͜ͳ͢ͷ͕೉͍͠ • bpfΛ൒͹ڧҾʹୟ͍͍ͯΔͨΊ • ґଘؔ܎͕ෳࡶɺݩʑbpf͸͜Μͳ༻్૝ఆͯ͠ͳ͍

    • ԼهURLΛࢀরɻʢશવsimple͡Όͳ͍ɾɾʣ http://outflux.net/teach-seccomp/ 8 13೥8݄12೔݄༵೔

  9. libseccomp Tutorial 9 13೥8݄12೔݄༵೔

  10. αϯυϘοΫεԽͷ४උ • ո͍͠σʔλ΍εΫϦϓτΛ”࣮ߦ”ͨ͠Γ”ղऍ”͢Δ ෦෼͕Ұ൪੬ऑ • σʔλΛόΠτྻͱͯ͠ಡΈऔΔ͚ͩͳΒͦΜͳʹةݥ͡ Όͳ͍ • ͜ͷ෦෼Λ্ख͘αϯυϘοΫεԽ͢ΔΑ͏ʹϓϩάϥϜ Λઃܭ

    10 13೥8݄12೔݄༵೔

  11. Main mission: Securing mruby • mrubyΛηΩϡΞʹ࣮ߦͰ͖ΔϑϨʔϜϫʔΫΛ࡞ͬͯ ΈΑ͏ • ͜ͷϑϨʔϜϫʔΫΛ࢖ͬͯɺ”۠ըԽ”ͨ͠΄͏͕ྑ͞ ͦ͏ͳΦϦδφϧΞϓϦέʔγϣϯΛઃܭɺ࣮૷͠Α͏

    Master process mruby process IPC Sandboxing by Mode 2 seccomp mruby code(string) result(char[]) 11 13೥8݄12೔݄༵೔

  12. ϓϩηε෼ׂ • σʔλͷ΍ΓऔΓ͸pipeΛ࢖͏ • mruby࣮ߦ෦෼Λfork()͢Δ • ͜ΕͰͻͱ·ͣɺmruby͕๫૸ͯ͠΋େৎ෉✌('ω'✌ )ࡾ ✌('ω')✌ࡾ( ✌'ω')✌

    • ࢠϓϩηε͕๫૸ͨ͠Γམͪͯ΋ɺ਌͸ੜ͖࢒Δ 12 13೥8݄12೔݄༵೔

  13. αϯυϘοΫεԽ • fork() ͨ͠ޙʹɺࣗ෼ࣗ਎ΛαϯυϘοΫεԽ͢Δ • seccomp_init(SCMP_ACT_KILL);ͰॳظԽ • seccomp_rule_add();ͰڐՄ͢ΔγεςϜίʔϧΛࢦఆ͍ͯ͠ ͘ •

    seccomp_load();Ͱ४උ׬ྃ • seccomp_release();ͰෆཁͳݖݶΛશ෦ख์͢→αϯυϘο ΫεԽʂ 13 13೥8݄12೔݄༵೔

  14. sample • seccamp2013_sandbox/samples/libseccomp_base.c • γεςϜίʔϧ͕ݺ΂ͳ͘ͳΔྫ • seccamp2013_sandbox/ samples/ libseccomp_sample.c •

    ͍͔ͭ͘ͷγεςϜίʔϧΛڐՄͨ͠ྫ • read, write͸file descriptorΛࢦఆͯ͠ڐՄ͢Δ ͜ͱ΋Մೳ 14 13೥8݄12೔݄༵೔

  15. ͓ΘΓ • αϯυϘοΫεপʹΑ͏ͦ͜ʂ 15 13೥8݄12೔݄༵೔