January 30, 2020


Using Seccomp to Limit the Kernel Attack Surface


Talk Title: Using Seccomp to Limit the Kernel Attack Surface
Speakers: Michael Kerrisk (Trainer/consultant, man7.org Training and Consulting)
Conference: Open Source Summit + ELC Europe
Location: Edinburgh, UK
Date: Oct 21-25, 2018
URL: Talk Page
Slides: Talk Slides

The seccomp (secure computing) facility is a means to select exactly which system calls a program is permitted to make and to restrict the arguments that may be passed to those system calls. System call filtering is achieved by writing BPF programs: programs written for a small in-kernel virtual machine that is able to examine system call numbers and arguments. Seccomp applications include sandboxing and failure-mode testing, and seccomp is now used in a number of web browsers, container systems, and elsewhere. After outlining the basics of the BPF virtual machine, we look at some examples of filtering programs that restrict the set of permitted system calls, consider some productivity aids for writing seccomp filters, and note also some caveats with respect to the use of seccomp.
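The kind of filter the abstract describes, as an added example written for this page (it is not code from the talk or its slides): a classic-BPF program that kills the process on any syscall outside a small allowlist and, for write(), also inspects the file-descriptor argument. Because the filter is just an array of instructions, the example also includes a small userspace interpreter for the three instruction kinds it uses, so the policy's verdicts can be checked without installing it. The allowlist (read, write, exit, exit_group, with write permitted only on fds 1 and 2), the userspace interpreter and the names decide, decide_arch and install_policy are this example's own choices; it assumes Linux with the kernel UAPI headers available.

```c
/* Added example, not code from the talk: a seccomp-BPF allowlist with an
 * argument check, plus a userspace interpreter for the three BPF instruction
 * kinds it uses so the policy can be tested before it is installed.
 * Linux only; the policy and the function names are this example's own. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifndef SECCOMP_RET_KILL_PROCESS            /* added in the Linux 4.14 headers */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif
#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#else
#error "set FILTER_ARCH to the AUDIT_ARCH_* value of this architecture"
#endif
#define SD_OFF(field) ((uint32_t)offsetof(struct seccomp_data, field))

/* jt/jf are offsets from the instruction that follows the jump. */
static struct sock_filter policy[] = {
    /* 0-2: kill if the call arrived via a foreign ABI (numbers differ there) */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SD_OFF(arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    /* 3-7: syscall-number allowlist; anything else reaches KILL at 12 */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SD_OFF(nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 8, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit, 7, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read, 6, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 0, 4),
    /* 8-11: write() only to fd 1 or 2, other fds fail with EPERM. The fd is an
     * int, so the low 32 bits of args[0] (little-endian layout) are what the
     * kernel uses; a 64-bit argument would need both halves checked. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SD_OFF(args[0])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 3, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 2, 2, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    /* 12-13: verdicts */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define POLICY_LEN (sizeof policy / sizeof policy[0])

/* Runs the policy over one seccomp_data as the in-kernel machine would for this subset. */
static uint32_t run_policy(const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < POLICY_LEN; pc++) {
        const struct sock_filter *in = &policy[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if ((size_t)in->k + sizeof acc > sizeof *sd)
                abort();                /* out-of-bounds load: kernel rejects at install */
            memcpy(&acc, (const unsigned char *)sd + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            abort();                    /* opcode outside the supported subset */
        }
    }
    abort();                            /* fell off the end: also rejected at install */
}

/* Verdict (SECCOMP_RET_*) for syscall nr with first argument arg0 under ABI arch. */
uint32_t decide_arch(uint32_t arch, int nr, uint64_t arg0)
{
    struct seccomp_data sd = { .nr = nr, .arch = arch, .args = { arg0 } };
    return run_policy(&sd);
}
uint32_t decide(int nr, uint64_t arg0) { return decide_arch(FILTER_ARCH, nr, arg0); }

/* Install in the calling thread; NO_NEW_PRIVS is mandatory for unprivileged callers. */
int install_policy(void)
{
    struct sock_fprog prog = { .len = (unsigned short)POLICY_LEN, .filter = policy };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    if (install_policy() != 0) return 1;
    /* Raw syscalls only from here: stdio could issue calls that are not listed. */
    write(STDOUT_FILENO, "write(1) allowed\n", 17);
    if (write(99, "x", 1) < 0 && errno == EPERM)
        write(STDERR_FILENO, "write(99) -> EPERM\n", 19);
    syscall(SYS_getpid);                /* not allowlisted: SIGSYS kills us here */
    return 0;
}
```

Built with a plain `cc`, the program prints the two write() lines and is then killed by SIGSYS ("Bad system call") at getpid(). Two of the caveats the abstract alludes to are visible in the filter itself: the architecture check comes first, because the same syscall number means different things under a foreign ABI, and argument checks operate on 32-bit halves of 64-bit fields, so anything wider than an int must have both halves inspected. Returning SECCOMP_RET_ERRNO rather than a kill verdict, as the fd check does, is the usual choice when the caller can reasonably handle failure.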
