[GSoC][RFC]: seccomp-assisted syscall filtering

Eugene Syromyatnikov evgsyr at gmail.com
Tue Mar 13 17:22:58 UTC 2018


On Tue, Mar 13, 2018 at 11:26 AM, Dmitry V. Levin <ldv at altlinux.org> wrote:
> On Mon, Mar 12, 2018 at 02:29:36PM +0100, Eugene Syromiatnikov wrote:
>> On Mon, Mar 12, 2018 at 10:38:37AM +0800, Chen Jingpiao wrote:
>> > Hi.
>> >
>> > I want to apply for GSoC again. I am interested in the seccomp-assisted
>> > syscall filtering project.
>> >
>> > I introduce myself again.
>> >
>> > My name is Chen Jingpiao, a junior student at Guangdong Pharmaceutical
>> > University, majoring in Computer Science and Technology. I am familiar with C,
>> > Linux and tools (Git, vim, gdb, find, grep, diff, makefile etc.).
>> > I have accepted strace GSoC 2017 netlink socket parsers project.
>> >
>> > I will prepare the work according to the following step:
>> >
>> > 1. Understand how strace traces a program (or attaches to a process)
>> > 2. How seccomp works
>> > 3. How to handle special cases:
>> >     * architecture
>> >     * personality
>> >     * -f option
>> >     * subcall
>> > 4. How to introduce a seccomp filter in strace
>> >
>> > I'm happy to hear your suggestions or get your help.
>> > Thank you.
>>
>> Please note that there is already some (seemingly abandoned) patch
>> available that tries to introduce the functionality in question[1],
>> as mentioned on strace's GSoC wiki page[2] (do you plan to use it in
>> your work or will you do everything from scratch?).
>
> Does this patch contain anything worth reusing?

To me, at least the code generation part was somewhat useful, but it can
be readily ignored.

>> I'm looking forward
>> to a more elaborate description of the proposal (for example, what are
>> expected limitations of seccomp filter (like its size)
>
> The limit on the number of instructions in a seccomp filter is BPF_MAXINSNS;
> it's much higher than the number of syscalls, so there shouldn't be any
> limitations assuming that the filter is sane.

Well, we still have MIPS.

Another question is multiple personality support.

-- 
Eugene Syromyatnikov
mailto:evgsyr at gmail.com
xmpp:esyr at jabber.{ru|org}

