SECCOMP has been added to the Ubuntu 12.04 kernel

Hi,

A few months back I revealed an area of research in which by limiting access to system calls I was successfully blocking a huge number of zero-day vulnerabilities on the windows platform.

https://www.wilderssecurity.com/showpost.php?p=2021004&postcount=38

A very similar technique has now been implemented in the Ubuntu kernel. It may take a while... but eventually open source developers will start using seccomp as another hardening tool.

On Ubuntu you can enable the experimental sandbox in chromium by launching chromium with the --enable-seccomp-sandbox argument.

It should be available 'by default' very soon in the Chrome OS when the seccomp filter policy is made fully compatible.

Best Wishes,
-MessageBoxA

 

I assume this will also apply to its cousin, Xubuntu?

 

This already worked in Ubuntu 11.10.

BTW: The fact, that SECCOMP is coming to the Ubuntu kernel, was already mentioned by Hungry Man here.

 

It's pretty cool. It pairs perfectly with apparmor/ other sandboxing methods.

edit: Funky, it should be included in all Ubuntu distros like Kubuntu etc.

 

Thanks

 

Seccomp is nothing new. It has been available for several years now. Fedora and SuSE both enabled it in their kernels since at least 2009. Also, Chrome has been using this as one of its two sandboxing methods on Linux for a while now.

But if this is going into the mainline kernel, this is good news.

 

Hi,

Thanks for the seccomp clarifications guys. I actually come from a Unix background and moved to GNU/Linux around 1994/95. I was once considered a Unix/Linux guru but I eventually began developing on the Microsoft Windows platform and now I am a little rusty with GNU/Linux.

As far as I can tell... there are very few GNU packages that are using seccomp. It looks like many distros have embraced the SeLinux patches... but I don't see any that include the grsecurity/PaX patches with the exception of Gentoo.

Anyway I will be porting some of my research projects to the Linux platform using the cross-platform Qt framework. I am really looking forward to doing this.

Best Wishes,
-MessageBoxA

 

Actually seccomp is new. It's been in the kernel for ages but this new seccomp is very different.

Original seccomp allowed read, write, and two other calls I can't remember. Any other calls would lead to panick.

New seccomp allows any whitelisted calls on a per-program compile-time basis and all other calls lead to crash.

So the first implementation is virtually useless. Nothing could fit into that sandbox. The second implementation allows for intensely finely grained access control.

Chrome is an example of absolute least privilege, which you can't find on Windows. Why? Because (in large part) it can make use of seccomp.

Does anyone know when this will hit the main Linux kernel source?

 

https://twitter.com/#!/damienmiller/status/187351912113377280

http://hg.mindrot.org/openssh/rev/f40779d28db5