Well, I think it's much easier to write syscall filter lists for the simple reason that everybody knows the main tool for doing that: strace. And what's also nice is that it allows you to write blacklists too, which adds a bit of security, and is super duper easy to do:
Posted Jul 17, 2012 21:46 UTC (Tue) by jimparis (subscriber, #38647)
Until you remember that iopl() also gives access to IO ports, and direct memory access makes it easy enough to change the time. I don't think blacklists can ever realistically work.
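The strace-based workflow mentioned in the quoted comment, as an added example that is not part of the thread: a small Python script that parses raw strace output into the set of system calls a program actually made and turns that set into a systemd `SystemCallFilter=` whitelist line (space-separated syscall names, as documented in systemd.exec(5)). The strace sample below is constructed, not captured from a real run, and the helper names are my own. It deliberately produces only an allowlist; a trace shows what the program used, not what an attacker could use, so it gives no basis for a blacklist.

```python
import re
from collections import Counter

# Constructed sample of raw strace output, including the decorations a
# real trace carries: [pid N] prefixes, unfinished/resumed pairs, signal
# and exit markers. None of this was captured from a real process.
SAMPLE_STRACE = r"""execve("/usr/bin/true", ["true"], 0x7ffd...) = 0
brk(NULL)                               = 0x55d0c2a2f000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1c
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3"..., 832)     = 832
close(3)                                = 0
write(1, "hello\n", 6)                  = 6
[pid  4242] wait4(-1,  <unfinished ...>
[pid  4243] exit_group(0)               = ?
[pid  4242] <... wait4 resumed>NULL, 0, NULL) = 4243
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---
+++ exited with 0 +++
"""

# A syscall line starts with an optional "[pid N]" prefix followed by the
# syscall name and an opening parenthesis. "<... x resumed>" continuations,
# "--- SIG... ---" and "+++ exited +++" markers do not match and are skipped,
# so an interrupted call is counted once (on its "unfinished" line).
_SYSCALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s*)?([A-Za-z_][A-Za-z0-9_]*)\(")


def parse_syscalls(trace_text):
    """Return a Counter of syscall name -> number of occurrences in a trace."""
    counts = Counter()
    for line in trace_text.splitlines():
        m = _SYSCALL_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def whitelist_directive(counts):
    """Render the observed syscalls as a systemd SystemCallFilter= allowlist.

    systemd's SystemCallFilter= takes space-separated syscall names; every
    call not listed is refused (the unit is killed by default). Only calls
    seen in the trace are listed, so code paths that were not exercised
    while tracing will be blocked at runtime.
    """
    return "SystemCallFilter=" + " ".join(sorted(counts))


def not_exercised(counts, needed):
    """Names in `needed` (calls the admin knows the service requires) that the
    trace never showed, i.e. the calls an allowlist built from this trace
    alone would wrongly block."""
    return sorted(set(needed) - set(counts))


if __name__ == "__main__":
    observed = parse_syscalls(SAMPLE_STRACE)
    print(whitelist_directive(observed))
    # Example of the coverage check: a service that also needs to restart
    # would fail under a filter built only from this short trace.
    print("not seen in trace:", not_exercised(observed, ["execve", "fork", "clone"]))
```

The `not_exercised` check is the part worth keeping around: the usual failure mode of a trace-derived allowlist is not that it is too loose but that it is too tight, killing the service the first time it takes a path (signal handling, log rotation, a reconnect) that the trace never covered.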
Systemd gets seccomp filter support
Posted Jul 18, 2012 2:21 UTC (Wed) by jcm (subscriber, #18262)
Just a note here. "Everybody" is "one who is skilled in the art" (of computer programming on Unix and Linux systems). That isn't most sysadmins. It's perhaps most sysadmins I hang out with, but it's not most out there. The idea of sysadmins writing system call filters terrifies me from a support perspective :)
Systemd gets seccomp filter support
Posted Jul 18, 2012 17:55 UTC (Wed) by cmccabe (guest, #60281)
Yeah, I thought the whole idea behind seccomp was that developers would add sandboxing to their own programs. Adding it as yet another sysadmin-configurable knob seems like exactly the wrong direction to go.