Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Linux Mode 2 Seccomp Tutorial
Search
bachi/yuzuhara
December 12, 2013
Technology
1
6.6k
Linux Mode 2 Seccomp Tutorial
The presentation introduces Linux mode 2 secccomp.
bachi/yuzuhara
December 12, 2013
Tweet
Share
More Decks by bachi/yuzuhara
See All by bachi/yuzuhara
セキュリティ・キャンプ2019 Z2. ELFマルウェア検知エンジンの試作 成果報告
yuzuhara
1
820
wrapup_z_2018.pdf
yuzuhara
0
370
セキュリティ・キャンプ2017 集中Zトラック成果報告
yuzuhara
0
1.2k
How to Survey for Research (system/w Security Fields)
yuzuhara
0
320
capsicum(論文輪講)
yuzuhara
0
300
Other Decks in Technology
See All in Technology
Handling focus in 2024
tahia910
0
610
One engineer company with Ruby on Rails
rstankov
2
460
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
2.2k
M5と自作基板をくっつけてみた〜M5 Japan Tour 2024 Spring 福冈 (Fukuoka|福岡)〜
keropiyo
1
250
IaCからAWSに入門した初心者が CloudFormationを通して考えた「AWS操作」の使い分け
maimyyym
3
620
Rustで「プリズモイダル法」を利用して「土量計算」をガチでやる
nokonoko1203
1
350
Amplify 🩷 Bedrock 〜生成AI入門〜
minorun365
PRO
10
1.1k
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
120
個人的、Kubernetes の最新注目機能! (2024年5月版) / TechFeed Experts Night#28 〜 コンテナ技術最前線
pfn
PRO
1
130
令和最新版 Ruby プロファイラ "Pf2" のご紹介
osyoyu
0
170
How to do well in consulting–Balkan Ruby 2024
irinanazarova
0
180
【基本】データベース設計
oracle4engineer
PRO
2
270
Featured
See All Featured
Designing for humans not robots
tammielis
247
25k
Designing Experiences People Love
moore
136
23k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
Building Adaptive Systems
keathley
32
1.9k
Being A Developer After 40
akosma
67
580k
Building Flexible Design Systems
yeseniaperezcruz
320
37k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
9
1.3k
The Art of Programming - Codeland 2020
erikaheidi
43
12k
Practical Orchestrator
shlominoach
183
9.7k
How GitHub (no longer) Works
holman
305
140k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
Mobile First: as difficult as doing things right
swwweet
217
8.6k
Transcript
H25.08.11 ു ༸ี Linux Seccomp Tutorial ηΩϡϦςΟΩϟϯϓ2013 γεςϜιϑτΣΞθϛิॿࢿྉ 1 138݄12݄༵
Seccompͱ • ਖ਼ࣜʹSecure computing mode ͱ͍͏ɺϓϩηεͷα ϯυϘοΫεԽΛࢧԉ͢ΔΧʔωϧͷΈ • ϓϩηε͕ࣗൃతʹγεςϜίʔϧͷൃߦݖݶΛ์غ ͢Δ
• Ͳ͏͍͏ͱ͖ʹ͏ͷ͔ʁ • ͜ͷϓϩηε͜Ε͔Βո͍͠σʔλΛѻ͍·͢Αɺͱ͍ ͏ͱ͖ʹઃఆ͢Δ • ͦͷޙɺϓϩηε͕ൃߦͰ͖ΔγεςϜίʔϧ͕ஶ੍͘͠ ݶ͞ΕΔͨΊɺϓϩηε͕ͬऔΒΕͯ΄ͱΜͲԿͰ ͖ͳ͘ͳΔ 2 138݄12݄༵
Mode 1 Seccomp • Linux kernel 2.6.12͔ΒϚʔδ͞ΕͨɺγεςϜίʔϧͷ ϑΟϧλ • ϓϩηε͕prctl_set_seccomp()ΛݺͿͱɺ͔ͦ͜ΒҎԼͷγ
εςϜίʔϧ͔͠ൃߦͰ͖ͳ͘ͳΔ • read,() write(), exit(), sigreturn() • fork()ͱ͔execve()͕͑ͳ͍→߈ܸ͞Εͨͱ͖ɺ΄ͱΜͲԿ ग़དྷͳ͍ʂ process secure computing mode fork() read() 3 138݄12݄༵
Mode 2 Seccomp • Linux Kernel 3.5͔ΒϚʔδ͞ΕͨɺMode 2 seccompΛஔ ͖͑ΔΈ
• Mode 1ͱҧ͍ɺҙͷγεςϜίʔϧΛڐՄ͢Δ͜ͱ ͕Ͱ͖Δ • Berkley Packet FilterΛϕʔεʹɺߴʹγεςϜίʔϧ ΛϑΟϧλϦϯά͢Δ͜ͱ͕ग़དྷΔ • ͜ͷͨΊɺseccomp-bpfͱݺΕΔ͜ͱ͕ଟ͍ • ͪͳΈʹFedoraͰsyscall filterͱݺͿ • seccomp 2ͱ͔seccomp mode 2ͱ͔දه༳Ε͕ଟ͍ ( ꒪⌓꒪) 4 138݄12݄༵
Berkley Packet Filter(bpf)Λϕʔεʹɾɾɾ • bpfͷྺ࢙Έলུ • ಛ • ύέοτΛޮΑ͘ϑΟϧλϦϯά͢ΔͨΊɺϑΟϧλϦ ϯάϧʔϧʹಛԽͨ͠ॲཧܥ͕ಈ͍ͯΔʢVMͱ͍͍͍ͬͯ
Ϩϕϧʣ • ڪΔ͖ɺJITΛαϙʔτ͍ͯ͠ΔʢΧʔωϧͰʂʣ • ͜ͷͨΊɺ͔ͳΓෳࡶ mode 2 seccomp͜ͷbpfΛͬͯγεςϜί ʔϧΛϑΟϧλϦϯά͍ͯ͠ΔͨΊɺbpfͷ ͕ࣝແ͍ͱ͑ͳ͍ 5 138݄12݄༵
Mode 2 seccompͷԠ༻ྫ • Google Chromium • Ubuntu 12.04͔Βར༻ՄೳʢKernel3.2͕ͩɺbackport͞Ε ͍ͯΔʣ
• vsftpd3.0.0͔ΒMode 2 seccompΛ͍ͬͯΔΒ͍͠ ※ͲͪΒϓϩηεΛαϯυϘοΫεԽ͢ΔͨΊɺ ݩʑׂϢʔβʔʹΑͬͯϓϩηεׂ͞Ε͍ͯΔ 6 138݄12݄༵
ϓϩηεׂ ʴ mode 2 seccomp = ࠷ڧʂ 7 138݄12݄༵
Using simple seccomp filters • ͔͠͠ɺݱঢ়͔ͳΓ͍͜ͳ͢ͷ͕͍͠ • bpfΛڧҾʹୟ͍͍ͯΔͨΊ • ґଘ͕ؔෳࡶɺݩʑbpf͜Μͳ༻్ఆͯ͠ͳ͍
• ԼهURLΛࢀরɻʢશવsimple͡Όͳ͍ɾɾʣ http://outflux.net/teach-seccomp/ 8 138݄12݄༵
libseccomp Tutorial 9 138݄12݄༵
αϯυϘοΫεԽͷ४උ • ո͍͠σʔλεΫϦϓτΛ”࣮ߦ”ͨ͠Γ”ղऍ”͢Δ ෦͕Ұ൪੬ऑ • σʔλΛόΠτྻͱͯ͠ಡΈऔΔ͚ͩͳΒͦΜͳʹةݥ͡ Όͳ͍ • ͜ͷ෦Λ্ख͘αϯυϘοΫεԽ͢ΔΑ͏ʹϓϩάϥϜ Λઃܭ
10 138݄12݄༵
Main mission: Securing mruby • mrubyΛηΩϡΞʹ࣮ߦͰ͖ΔϑϨʔϜϫʔΫΛ࡞ͬͯ ΈΑ͏ • ͜ͷϑϨʔϜϫʔΫΛͬͯɺ”۠ըԽ”ͨ͠΄͏͕ྑ͞ ͦ͏ͳΦϦδφϧΞϓϦέʔγϣϯΛઃܭɺ࣮͠Α͏
Master process mruby process IPC Sandboxing by Mode 2 seccomp mruby code(string) result(char[]) 11 138݄12݄༵
ϓϩηεׂ • σʔλͷΓऔΓpipeΛ͏ • mruby࣮ߦ෦Λfork()͢Δ • ͜ΕͰͻͱ·ͣɺmruby͕ͯ͠େৎ✌('ω'✌ )ࡾ ✌('ω')✌ࡾ( ✌'ω')✌
• ࢠϓϩηε͕ͨ͠Γམͪͯɺੜ͖Δ 12 138݄12݄༵
αϯυϘοΫεԽ • fork() ͨ͠ޙʹɺࣗࣗΛαϯυϘοΫεԽ͢Δ • seccomp_init(SCMP_ACT_KILL);ͰॳظԽ • seccomp_rule_add();ͰڐՄ͢ΔγεςϜίʔϧΛࢦఆ͍ͯ͠ ͘ •
seccomp_load();Ͱ४උྃ • seccomp_release();ͰෆཁͳݖݶΛશ෦ख์͢→αϯυϘο ΫεԽʂ 13 138݄12݄༵
sample • seccamp2013_sandbox/samples/libseccomp_base.c • γεςϜίʔϧ͕ݺͳ͘ͳΔྫ • seccamp2013_sandbox/ samples/ libseccomp_sample.c •
͍͔ͭ͘ͷγεςϜίʔϧΛڐՄͨ͠ྫ • read, writefile descriptorΛࢦఆͯ͠ڐՄ͢Δ ͜ͱՄೳ 14 138݄12݄༵
͓ΘΓ • αϯυϘοΫεপʹΑ͏ͦ͜ʂ 15 138݄12݄༵