Skip to content

Commit

Permalink
Drop seccomp approach
Browse files Browse the repository at this point in the history
  • Loading branch information
@i-ky
i-ky committed Feb 23, 2023
1 parent 0ef2214 commit de1b03c
Showing 1 changed file with 2 additions and 100 deletions.
102 changes: 2 additions & 100 deletions src/basset.cpp
View file
Original file line number Diff line number Diff line change
@@ -1,23 +1,15 @@
#include <stdio.h>
#include <unistd.h>

#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>

#include <linux/filter.h>
#include <linux/ptrace.h>
#include <linux/seccomp.h>

#undef PTRACE_CONT
#undef PTRACE_GETEVENTMSG
#undef PTRACE_GET_SYSCALL_INFO
#undef PTRACE_PEEKDATA
#undef PTRACE_SETOPTIONS
#undef PTRACE_TRACEME

#include <cassert>
#include <csignal>
#include <iostream>
#include <string>
Expand Down Expand Up @@ -48,7 +40,7 @@ int main(int argc, char *argv[]) {

if (ptrace(PTRACE_SETOPTIONS, pid, nullptr,
PTRACE_O_TRACECLONE | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK |
PTRACE_O_TRACEEXEC | PTRACE_O_TRACESECCOMP) == -1) {
PTRACE_O_TRACEEXEC) == -1) {
perror("cannot ptrace(PTRACE_SETOPTIONS)");
return -1;
}
Expand All @@ -74,80 +66,8 @@ int main(int argc, char *argv[]) {
case PTRACE_EVENT_CLONE:
case PTRACE_EVENT_EXEC:
case PTRACE_EVENT_FORK:
case PTRACE_EVENT_VFORK: {
unsigned long data;

if (ptrace(PTRACE_GETEVENTMSG, pid, nullptr, &data) == -1) {
perror("cannot ptrace(PTRACE_GETEVENTMSG)");
return -1;
}

cerr << "event msg: " << data << '\n';
break;
}
case PTRACE_EVENT_SECCOMP: {
unsigned long ret_data;

if (ptrace(PTRACE_GETEVENTMSG, pid, nullptr, &ret_data) == -1) {
perror("cannot ptrace(PTRACE_GETEVENTMSG)");
return -1;
}

cerr << "SECCOMP_RET_DATA: " << ret_data << '\n';

ptrace_syscall_info data;
auto res =
ptrace(PTRACE_GET_SYSCALL_INFO, pid, sizeof(data), &data);

if (res == -1) {
perror("cannot ptrace(PTRACE_GET_SYSCALL_INFO)");
return -1;
}

if (res > sizeof(data)) {
cerr << "some data truncated\n";
} else {
assert(res > 0);

switch (data.op) {
case PTRACE_SYSCALL_INFO_SECCOMP: {
cerr << "seccomp " << data.seccomp.nr << '\n';

for (auto arg : data.seccomp.args) {
cerr << arg << ',';
}

cerr << '\n';
assert(ret_data == data.seccomp.ret_data);

string path;
auto *addr = reinterpret_cast<char *>(data.seccomp.args[0]);
do {
errno = 0;
const auto peek = ptrace(PTRACE_PEEKDATA, pid, addr, 0);

if (peek == -1 && errno != 0) {
perror("cannot ptrace(PTRACE_PEEKDATA)");
return -1;
}
path.append(reinterpret_cast<const char *>(&peek), sizeof(peek));
addr += sizeof(peek);
} while (path.find('\0') == string::npos);

cerr << path << '\n';
break;
}
case PTRACE_SYSCALL_INFO_NONE:
case PTRACE_SYSCALL_INFO_ENTRY:
case PTRACE_SYSCALL_INFO_EXIT:
default:
cerr << "unexpected syscall operation: "
<< static_cast<int>(data.op) << '\n';
return -1;
}
}
case PTRACE_EVENT_VFORK:
break;
}
default:
cerr << "unknown stop event, signal: " << (wstatus >> 16) << '\n';
return -1;
Expand Down Expand Up @@ -176,24 +96,6 @@ int main(int argc, char *argv[]) {
return -1;
}

sock_filter filter[] = {
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(seccomp_data, nr)),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_chdir, 0, 1),
BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_TRACE),
BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW),
};
sock_fprog prog = {sizeof(filter) / sizeof(*filter), filter};

if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
perror("cannot prctl(PR_SET_NO_NEW_PRIVS)");
return -1;
}

if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0) != 0) {
perror("cannot prctl(PR_SET_SECCOMP)");
return -1;
}

// allow parent to ptrace(PTRACE_SETOPTIONS)
if (raise(SIGSTOP) != 0) {
perror("cannot raise(SIGSTOP)");
Expand Down

0 comments on commit de1b03c

Please sign in to comment.