Some Linux system calls (such as execve, openat) have string type arguments. But the comparison function SCMP_CMP provided by seccomp seems to be comparing two pointers. So how can I limit files that can be opened by a process to a specific dir using seccomp? Is there a way for users to provide a general comparison function?
Cyker
- Hmm, why do some people suggest this question doesn't fit here, given the fact that seccomp is built in the Linux kernel... – Cyker Jan 02 '19 at 19:58
- Ho hum, I would have thought this to be on-topic, based on the "C API and system interfaces" point in the [help page](https://unix.stackexchange.com/help/on-topic), and the fact that it's specific to an OS that matches the description "Unix & Linux". But apparently the consensus on [the discussion in meta](https://unix.meta.stackexchange.com/questions/314/unix-c-api-calls-ontopic) is that interfaces like that aren't on-topic since "only programmers see them". – ilkkachu Jan 02 '19 at 20:28
- In any case, there's even a tag for [seccomp](https://stackoverflow.com/questions/tagged/seccomp) on stackoverflow, so chances are there's someone there who knows something about it. – ilkkachu Jan 02 '19 at 20:31
- According to [this talk](https://youtu.be/q6n4Q3lgjSA) (at the 8 minute mark) from a few months ago, pointer dereferencing in seccomp bpf is not yet possible, but is being worked on. – Mark Plotnick Jan 03 '19 at 21:55
- One issue with trying to read process memory as a security check is that there's a TOCTOU race if you have multiple threads or shared/mmapped memory. – Mark Plotnick Jan 03 '19 at 22:06
- Relevant 2019 LWN article: [Deep argument inspection for seccomp](https://lwn.net/Articles/799557/) – maxschlepzig Apr 18 '20 at 07:41
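An added example, not from the question or the comments, that shows concretely what seccomp argument comparison can and cannot do: a raw seccomp-BPF filter (no libseccomp) that fails `openat()` with EPERM when the integer flags argument requests write access, while the pathname argument is left alone because the filter only sees its user-space pointer value and cannot dereference it. It assumes x86-64 and Linux kernel headers; the `openat`-on-`/dev/null` probe in `main` is constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

/* struct seccomp_data is the only memory a seccomp-BPF program can read:
 * arch, syscall number and the six raw 64-bit argument values. */
#define ARCH_OFF   offsetof(struct seccomp_data, arch)
#define NR_OFF     offsetof(struct seccomp_data, nr)
#define ARG_OFF(i) (offsetof(struct seccomp_data, args) + (i) * sizeof(__u64))

/* Deny openat() with EPERM when flags (args[2], an integer) ask for write access.
 * args[1] is the pathname, but the filter only holds its pointer value, so the
 * path cannot be inspected here. Assumes x86-64. Returns the instruction count. */
static size_t build_openat_filter(struct sock_filter *prog, size_t max)
{
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARCH_OFF),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),     /* foreign arch */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 3),  /* not openat: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_OFF(2)),          /* low 32 bits of flags */
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, O_WRONLY | O_RDWR, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    size_t n = sizeof f / sizeof f[0];
    if (n > max) return 0;                /* caller's buffer too small */
    memcpy(prog, f, sizeof f);
    return n;
}

int main(void)
{
    struct sock_filter prog[16];
    struct sock_fprog fprog = { .len = (unsigned short)build_openat_filter(prog, 16), .filter = prog };
    /* NO_NEW_PRIVS lets an unprivileged process install the filter. */
    if (fprog.len == 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0) { perror("seccomp"); return 1; }
    long w = syscall(SYS_openat, AT_FDCWD, "/dev/null", O_WRONLY); /* denied: -1, EPERM */
    printf("write open: %ld (%s)\n", w, w < 0 ? strerror(errno) : "allowed");
    return 0;
}
```

A read-only `openat` of the same path still succeeds under this filter, which is the point: only the integer argument is a usable predicate; checking the string would need a path-independent mechanism such as a restricted mount namespace, and any attempt to read the string from user memory is subject to the TOCTOU race noted above.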