Using seccomp to Limit the Kernel Attack Surface
One Line Summary
This session will look briefly at the history of seccomp, then examine the BPF virtual machine and some practical examples of filtering programs that restrict the set of permitted system calls.
The seccomp (secure computing) facility is a means to limit the set of system calls a program may make. Starting from humble beginnings in Linux 2.6.12, seccomp has evolved to the point where it can be used to select exactly which system calls are permitted and to restrict the arguments that may be passed to those system calls. System call filtering is achieved by writing BPF programs—programs written for a small in-kernel virtual machine that is able to examine system call numbers and arguments. Seccomp applications include sandboxing and failure-mode testing, and seccomp is by now used in a number of web browsers, container systems such as Docker, and elsewhere. In this session, we’ll look briefly at the history of seccomp before going on to examine the BPF virtual machine and some practical examples of filtering programs that restrict the set of permitted system calls.
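The following is an added illustration, not part of the session abstract or of Michael Kerrisk's own materials. It shows what a seccomp filter program looks like in the classic BPF instruction format the kernel consumes: an allow-list that first checks the architecture field (syscall numbers differ per architecture) and then permits only `read`, `write`, `exit_group` and `rt_sigreturn` on x86-64, killing the process for anything else. Rather than installing the filter (which on Linux is done with `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)` followed by `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)` or the `seccomp(2)` system call), the code runs it through a small user-space interpreter for the three opcodes used, so the decision the in-kernel VM would reach can be examined offline. The structures and constants are redefined locally with the values from the kernel's uapi headers so the example builds without them; the interpreter and the `decide()` helper are assumptions introduced here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Kernel ABI mirrored locally (values match <linux/filter.h>, <linux/seccomp.h>
 * and <linux/audit.h>) so this compiles without those headers. */
struct sock_filter {            /* one classic BPF instruction */
    uint16_t code;
    uint8_t  jt;                /* jump offset if comparison is true  */
    uint8_t  jf;                /* jump offset if comparison is false */
    uint32_t k;                 /* immediate operand                   */
};

struct seccomp_data {           /* the only data a seccomp filter may read */
    int      nr;                /* system call number (per-architecture!)  */
    uint32_t arch;              /* AUDIT_ARCH_* of the calling process     */
    uint64_t instruction_pointer;
    uint64_t args[6];           /* system call arguments                   */
};

#define BPF_LD_W_ABS   0x20     /* BPF_LD  | BPF_W   | BPF_ABS */
#define BPF_JMP_JEQ_K  0x15     /* BPF_JMP | BPF_JEQ | BPF_K   */
#define BPF_RET_K      0x06     /* BPF_RET | BPF_K             */

#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#define SECCOMP_RET_ALLOW        0x7fff0000U
#define AUDIT_ARCH_X86_64        0xc000003eU

/* x86-64 syscall numbers used by the allow-list */
#define NR_READ          0
#define NR_WRITE         1
#define NR_RT_SIGRETURN  15
#define NR_EXIT_GROUP    231

#define BPF_STMT(code, k)         { (code), 0, 0, (k) }
#define BPF_JUMP(code, k, jt, jf) { (code), (jt), (jf), (k) }
/* Two instructions: if accumulator == nr, fall into RET ALLOW; else skip it. */
#define ALLOW_SYSCALL(nr) \
    BPF_JUMP(BPF_JMP_JEQ_K, (nr), 0, 1), BPF_STMT(BPF_RET_K, SECCOMP_RET_ALLOW)

/* The filter program: exactly what would be handed to the kernel. */
static const struct sock_filter allow_list_filter[] = {
    /* 1. Reject any other architecture so syscall numbers cannot be confused. */
    BPF_STMT(BPF_LD_W_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP_JEQ_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET_K, SECCOMP_RET_KILL_PROCESS),
    /* 2. Load the syscall number and compare it against the allow-list. */
    BPF_STMT(BPF_LD_W_ABS, offsetof(struct seccomp_data, nr)),
    ALLOW_SYSCALL(NR_READ),
    ALLOW_SYSCALL(NR_WRITE),
    ALLOW_SYSCALL(NR_EXIT_GROUP),
    ALLOW_SYSCALL(NR_RT_SIGRETURN),
    /* 3. Default deny. */
    BPF_STMT(BPF_RET_K, SECCOMP_RET_KILL_PROCESS),
};
#define FILTER_LEN (sizeof allow_list_filter / sizeof allow_list_filter[0])

/* Toy interpreter (an assumption of this example) for the opcodes above.
 * Like the kernel, it only permits aligned 32-bit loads inside seccomp_data. */
uint32_t run_seccomp_filter(const struct sock_filter *prog, size_t len,
                            const struct seccomp_data *sd)
{
    uint32_t acc = 0;                               /* BPF accumulator */
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *insn = &prog[pc];
        switch (insn->code) {
        case BPF_LD_W_ABS:
            if ((insn->k & 3) || insn->k + 4 > sizeof *sd)
                return SECCOMP_RET_KILL_PROCESS;    /* kernel rejects at load */
            memcpy(&acc, (const unsigned char *)sd + insn->k, sizeof acc);
            break;
        case BPF_JMP_JEQ_K:
            pc += (acc == insn->k) ? insn->jt : insn->jf;
            break;
        case BPF_RET_K:
            return insn->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;        /* opcode not modelled */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;  /* kernel refuses programs that fall off the end */
}

/* Evaluate the allow-list for a constructed (nr, arch) pair. */
uint32_t decide(int nr, uint32_t arch)
{
    struct seccomp_data sd = { .nr = nr, .arch = arch };
    return run_seccomp_filter(allow_list_filter, FILTER_LEN, &sd);
}

int main(void)
{
    const int samples[] = { NR_READ, NR_WRITE, 2 /* open */, 59 /* execve */ };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("syscall %3d on x86-64 -> %s\n", samples[i],
               decide(samples[i], AUDIT_ARCH_X86_64) == SECCOMP_RET_ALLOW
                   ? "ALLOW" : "KILL_PROCESS");
    printf("write on i386 arch      -> %s\n",
           decide(NR_WRITE, 0x40000003U) == SECCOMP_RET_ALLOW ? "ALLOW" : "KILL_PROCESS");
    return 0;
}
```

The architecture check at the top is the detail most often forgotten: without it a process that switches to 32-bit system calls is judged against the wrong numbering, which is why real filters (and the kernel's own examples) load `arch` before `nr`.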
Michael Kerrisk is the author of the acclaimed book “The Linux Programming Interface” (http://man7.org/tlpi/), a guide and reference for system programming on Linux and UNIX. He contributes to the Linux kernel primarily via documentation, review, and testing of new kernel-user-space interfaces. Since 2004, he has been the maintainer of the Linux man-pages project (http://www.kernel.org/doc/man-pages/). Michael is a New Zealander, working as an independent trainer and consultant in Munich, Germany.