From de1b03c4c28c00f99cefd5097baf3e17648a8f0b Mon Sep 17 00:00:00 2001 From: i-ky Date: Thu, 23 Feb 2023 20:37:11 +0000 Subject: [PATCH] Drop seccomp approach --- src/basset.cpp | 102 +------------------------------------------------ 1 file changed, 2 insertions(+), 100 deletions(-) diff --git a/src/basset.cpp b/src/basset.cpp index 6b2b272..eeae880 100644 --- a/src/basset.cpp +++ b/src/basset.cpp @@ -1,23 +1,15 @@ #include #include -#include #include -#include #include -#include #include -#include #undef PTRACE_CONT -#undef PTRACE_GETEVENTMSG -#undef PTRACE_GET_SYSCALL_INFO -#undef PTRACE_PEEKDATA #undef PTRACE_SETOPTIONS #undef PTRACE_TRACEME -#include #include #include #include @@ -48,7 +40,7 @@ int main(int argc, char *argv[]) { if (ptrace(PTRACE_SETOPTIONS, pid, nullptr, PTRACE_O_TRACECLONE | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK | - PTRACE_O_TRACEEXEC | PTRACE_O_TRACESECCOMP) == -1) { + PTRACE_O_TRACEEXEC) == -1) { perror("cannot ptrace(PTRACE_SETOPTIONS)"); return -1; } @@ -74,80 +66,8 @@ int main(int argc, char *argv[]) { case PTRACE_EVENT_CLONE: case PTRACE_EVENT_EXEC: case PTRACE_EVENT_FORK: - case PTRACE_EVENT_VFORK: { - unsigned long data; - - if (ptrace(PTRACE_GETEVENTMSG, pid, nullptr, &data) == -1) { - perror("cannot ptrace(PTRACE_GETEVENTMSG)"); - return -1; - } - - cerr << "event msg: " << data << '\n'; - break; - } - case PTRACE_EVENT_SECCOMP: { - unsigned long ret_data; - - if (ptrace(PTRACE_GETEVENTMSG, pid, nullptr, &ret_data) == -1) { - perror("cannot ptrace(PTRACE_GETEVENTMSG)"); - return -1; - } - - cerr << "SECCOMP_RET_DATA: " << ret_data << '\n'; - - ptrace_syscall_info data; - auto res = - ptrace(PTRACE_GET_SYSCALL_INFO, pid, sizeof(data), &data); - - if (res == -1) { - perror("cannot ptrace(PTRACE_GET_SYSCALL_INFO)"); - return -1; - } - - if (res > sizeof(data)) { - cerr << "some data truncated\n"; - } else { - assert(res > 0); - - switch (data.op) { - case PTRACE_SYSCALL_INFO_SECCOMP: { - cerr << "seccomp " << data.seccomp.nr << '\n'; - - for (auto arg : data.seccomp.args) { - cerr << arg << ','; - } - - cerr << '\n'; - assert(ret_data == data.seccomp.ret_data); - - string path; - auto *addr = reinterpret_cast(data.seccomp.args[0]); - do { - errno = 0; - const auto peek = ptrace(PTRACE_PEEKDATA, pid, addr, 0); - - if (peek == -1 && errno != 0) { - perror("cannot ptrace(PTRACE_PEEKDATA)"); - return -1; - } - path.append(reinterpret_cast(&peek), sizeof(peek)); - addr += sizeof(peek); - } while (path.find('\0') == string::npos); - - cerr << path << '\n'; - break; - } - case PTRACE_SYSCALL_INFO_NONE: - case PTRACE_SYSCALL_INFO_ENTRY: - case PTRACE_SYSCALL_INFO_EXIT: - default: - cerr << "unexpected syscall operation: " - << static_cast(data.op) << '\n'; - return -1; - } - } + case PTRACE_EVENT_VFORK: break; - } default: cerr << "unknown stop event, signal: " << (wstatus >> 16) << '\n'; return -1; @@ -176,24 +96,6 @@ int main(int argc, char *argv[]) { return -1; } - sock_filter filter[] = { - BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(seccomp_data, nr)), - BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_chdir, 0, 1), - BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_TRACE), - BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW), - }; - sock_fprog prog = {sizeof(filter) / sizeof(*filter), filter}; - - if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) { - perror("cannot prctl(PR_SET_NO_NEW_PRIVS)"); - return -1; - } - - if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0) != 0) { - perror("cannot prctl(PR_SET_SECCOMP)"); - return -1; - } - // allow parent to ptrace(PTRACE_SETOPTIONS) if (raise(SIGSTOP) != 0) { perror("cannot raise(SIGSTOP)");