exile.h
libseccomp
| exile.h | libseccomp | |
|---|---|---|
| 1 | 3 | |
| 14 | 771 | |
| - | 1.3% | |
| 0.0 | 4.6 | |
| over 1 year ago | 18 days ago | |
| C | C | |
| - | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
exile.h
-
Show HN: Porting OpenBSD Pledge() to Linux
Great work!
>.. So how do we get it that simple on Linux? I believe the answer is to find someone with enough free time to figure out how to use SECCOMP BPF to implement pledge.
> There's been a few devs in the past who've tried this. I'm not going to name names, because most of these projects were never completed.
I guess I am also one of those. I am giving it a shot with my WIP sandboxing library, which aims at making sandboxing easier for applications in general: https://github.com/quitesimpleorg/exile.h. It also aims to fix the "file system blind spot" mentioned in the article, by using Landlock and Namespaces/chroot.
Though I am calling my attempt "vows" instead of "pledge" to avoid misunderstandings. At the the end of the day, pledge() cannot be pledge() on Linux, due to limitations which the article also mentions.
Nevertheless, as has already been mentioned in this thread, as all attempts, mine also suffers from the fact that one has to keep up constantly with kernel releases and all software must recompiled from time to time against new library releases. This is a suboptimal situation. Secondly, there systems calls with currently cannot be filtered with seccomp BPF, such as openat2() and clone3() and so on.
Therefore, at this time you cannot have pledge() on Linux properly. So I am putting it on hold until deep argument inspection lands.
Overall, my experience led me to believe in order to have true, partical pledge() on Linux, it must be implemented in the kernel ultimately.
libseccomp
-
Linux Security - Secure Computing Mode (seccomp)
We can configure seccomp by the libseccomp (https://github.com/seccomp/libseccomp), the prctl(https://man7.org/linux/man-pages/man2/prctl.2.html) system call and/or the seccomp syscall (https://man7.org/linux/man-pages/man2/seccomp.2.html) and/or other CLI tools (like https://github.com/david942j/seccomp-tools) .
-
Show HN: Porting OpenBSD Pledge() to Linux
Very nice! I'm a fan of OpenBSD and pledge(). I've had some success on Linux with libseccomp[0] which means you don't have to deal with BPF directly, but pledge() is obviously much much easier.
0. https://github.com/seccomp/libseccomp
-
Zoom zero-day discovery makes calls safer, hackers $200k richer
Yeah the idea of wrangling raw BPF is a bit daunting. Just FYI, libseccomp (https://github.com/seccomp/libseccomp) exists to abstract away all the BPF stuff. It even comes prepackaged by the major distros (ex https://packages.debian.org/sid/libseccomp2) so you don't even have to compile it yourself.
What are some alternatives?
tracee - Linux Runtime Security and Forensics using eBPF
capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings. [Moved to: https://github.com/capstone-engine/capstone]
seccomp-scopes - Make Linux computing safe
libbpf - Automated upstream mirror for libbpf stand-alone build.
capsicum-linux - Linux kernel with Capsicum support
misc - miscellaneous scripts and small programs
Lean and Mean Docker containers - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
cosmopolitan - build-once run-anywhere c library
firejail - Linux namespaces and seccomp-bpf sandbox