SECCOMP has been added to the Ubuntu 12.04 kernel

Discussion in 'all things UNIX' started by MessageBoxA, May 14, 2012.

Thread Status:
Not open for further replies.
  1. MessageBoxA

    MessageBoxA Registered Member

    Joined:
    Jun 20, 2011
    Posts:
    53
    Hi,

    A few months back I revealed an area of research in which by limiting access to system calls I was successfully blocking a huge number of zero-day vulnerabilities on the Windows platform.

    https://www.wilderssecurity.com/showpost.php?p=2021004&postcount=38

    A very similar technique has now been implemented in the Ubuntu kernel. It may take a while... but eventually open source developers will start using seccomp as another hardening tool.

    On Ubuntu you can enable the experimental sandbox in chromium by launching chromium with the --enable-seccomp-sandbox argument.

    It should be available 'by default' very soon in the Chrome OS when the seccomp filter policy is made fully compatible.

    Best Wishes,
    -MessageBoxA
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I assume this will also apply to its cousin, Xubuntu?
     
  3. tlu

    tlu Guest

    This already worked in Ubuntu 11.10.

    BTW: The fact that SECCOMP is coming to the Ubuntu kernel was already mentioned by Hungry Man here.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's pretty cool. It pairs perfectly with AppArmor/other sandboxing methods.

    edit: Funky, it should be included in all Ubuntu distros like Kubuntu etc.
     
    Last edited: May 14, 2012
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Thanks
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Seccomp is nothing new. It has been available for several years now. Fedora and SuSE both enabled it in their kernels since at least 2009. Also, Chrome has been using this as one of its two sandboxing methods on Linux for a while now.

    But if this is going into the mainline kernel, this is good news.
     
  7. MessageBoxA

    MessageBoxA Registered Member

    Joined:
    Jun 20, 2011
    Posts:
    53
    Hi,

    Thanks for the seccomp clarifications guys. I actually come from a Unix background and moved to GNU/Linux around 1994/95. I was once considered a Unix/Linux guru but I eventually began developing on the Microsoft Windows platform and now I am a little rusty with GNU/Linux.

    As far as I can tell... there are very few GNU packages that are using seccomp. It looks like many distros have embraced the SELinux patches... but I don't see any that include the grsecurity/PaX patches with the exception of Gentoo.

    Anyway I will be porting some of my research projects to the Linux platform using the cross-platform Qt framework. I am really looking forward to doing this.

    Best Wishes,
    -MessageBoxA
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Actually seccomp is new. It's been in the kernel for ages but this new seccomp is very different.

    Original seccomp allowed read, write, and two other calls I can't remember. Any other calls would lead to panic.

    New seccomp allows any whitelisted calls on a per-program compile-time basis and all other calls lead to crash.

    So the first implementation is virtually useless. Nothing could fit into that sandbox. The second implementation allows for intensely finely grained access control.

    Chrome is an example of absolute least privilege, which you can't find on Windows. Why? Because (in large part) it can make use of seccomp.

    Does anyone know when this will hit the main Linux kernel source?
     
    Last edited: May 16, 2012
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148