seccomp

Linux Syscall
Reading time: about 1 minute

seccomp, or secure computing, is a Linux syscall that aims to improve system security. By using seccomp, a process can limit the system calls available to itself.

seccomp server a similar purpose to the pledge syscall available on OpenBSD and Serenity OS.

Modes

There are two seccomp modes with different trade-offs, these are called Strict Mode and Filter Mode.

Strict mode

Strict mode is the original seccomp mode that was available before the introduction of filter mode. In strict mode, the only system calls that a process is permitted to make are read, write, exit and sigreturn. Attempting to perform any other system call results in the process getting terminated with a SIGKILL.

Filter mode

Filter mode allows more granular control of system calls by checking every syscall through a BPF program.

This allows more advanced use cases, but it is more complicated to use and more things can go wrong with it.

Enter seccomp from C

You’re gonna need some imports. If your code is meant to be cross-platform, you should check if you are compiling for a Linux system first.

#ifdef __linux__
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/seccomp.h>
#endif

If you have the necessary imports, you can run the the line below and enable seccomp for the current process.

/* Use seccomp on Linux */
#ifdef __linux__
prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);
#endif

Cannot exit or return from main

This is because glibc is a piece of garbage and instead of a normal exit, it uses a weird exit. You can easily use the exit syscall instead.

#ifdef __linux__
syscall(SYS_exit, 0);
#endif

The zero here is your exit code. If you had an error, change it to something that is non-zero.

Citation

If you find this work useful, please cite it as:
@article{yaltirakli,
  title   = "seccomp",
  author  = "Yaltirakli, Gokberk",
  journal = "gkbrk.com",
  year    = "2024",
  url     = "https://www.gkbrk.com/seccomp"
}
Not using BibTeX? Click here for more citation styles.
IEEE Citation
Gokberk Yaltirakli, "seccomp", December, 2024. [Online]. Available: https://www.gkbrk.com/seccomp. [Accessed Dec. 24, 2024].
APA Style
Yaltirakli, G. (2024, December 24). seccomp. https://www.gkbrk.com/seccomp
Bluebook Style
Gokberk Yaltirakli, seccomp, GKBRK.COM (Dec. 24, 2024), https://www.gkbrk.com/seccomp

Comments

© 2024 Gokberk Yaltirakli