seccomp
Original author(s) | Andrea Arcangeli
Initial release | March 8, 2005
Written in | C
Operating system | Linux
Type | Sandboxing
License | GNU General Public License
Website | code
seccomp (short for secure computing the system's resources but isolates the process from them entirely.
seccomp mode is enabled via the PR_SET_SECCOMP
argument, or (since Linux kernel 3.17
seccomp-bpf is an extension to seccomp.)
Some consider seccomp comparable to OpenBSD pledge(2) and FreeBSD capsicum(4)[citation needed].
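The following C program is an added example, not code from the article or from the Linux kernel documentation it cites. It shows what the PR_SET_SECCOMP interface described above looks like in practice: a process builds a small seccomp-bpf program, loads it with prctl(2) after setting PR_SET_NO_NEW_PRIVS, and then attempts a syscall the filter covers. The experiment runs in a forked child so the parent stays unfiltered and can observe the outcome. The function names (build_filter, install_filter, child_status), the choice of getppid as the syscall to restrict, and the numeric exit codes are all assumptions made for this illustration; the AUDIT_ARCH check at the top of the filter is the standard defence against syscalls arriving through a different ABI (for example 32-bit compat calls on an x86-64 kernel).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Select the AUDIT_ARCH_* value for the build target so the filter can refuse
 * syscalls that arrive through a different ABI than the one it was written for. */
#if defined(__x86_64__)
#  define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define FILTER_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#  define FILTER_ARCH AUDIT_ARCH_I386
#else
#  error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Build a seccomp-bpf program (assumed helper for this example) that applies
 * `action` to syscall number `blocked_nr` and allows every other syscall.
 * Returns the number of instructions written into `out` (caller provides >= 7). */
static unsigned short build_filter(struct sock_filter *out, int blocked_nr, unsigned action)
{
    struct sock_filter prog[] = {
        /* Load seccomp_data.arch; kill the process unless it matches FILTER_ARCH. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* Load seccomp_data.nr; if it is the blocked syscall, return `action`. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)blocked_nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, action),
        /* Everything else is allowed. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    unsigned short n = (unsigned short)(sizeof(prog) / sizeof(prog[0]));
    for (unsigned short i = 0; i < n; i++)
        out[i] = prog[i];
    return n;
}

/* Load the filter into the calling process.  PR_SET_NO_NEW_PRIVS lets an
 * unprivileged process install a filter; the transition is one-way.
 * On kernels >= 3.17 the seccomp(2) syscall could be used instead of prctl(2). */
static int install_filter(int blocked_nr, unsigned action)
{
    struct sock_filter insns[8];
    struct sock_fprog prog = {
        .len = build_filter(insns, blocked_nr, action),
        .filter = insns,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Run the experiment in a child so the parent stays unfiltered.
 * Return value (codes chosen for this example):
 *   -signo : child was killed by signal `signo` (SIGSYS for SECCOMP_RET_KILL)
 *   10     : blocked syscall returned -1 with errno EPERM (SECCOMP_RET_ERRNO)
 *   20     : blocked syscall unexpectedly succeeded
 *   30     : filter could not be installed in the child
 *   -100   : fork()/waitpid() failed in the parent */
static int child_status(unsigned action)
{
    pid_t pid = fork();
    if (pid < 0)
        return -100;
    if (pid == 0) {
        if (install_filter(SYS_getppid, action) != 0)
            _exit(30);
        long r = syscall(SYS_getppid);   /* the syscall the filter restricts */
        _exit((r == -1 && errno == EPERM) ? 10 : 20);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -100;
    if (WIFSIGNALED(status))
        return -WTERMSIG(status);
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("SECCOMP_RET_KILL  -> child status %d (expected %d: killed by SIGSYS)\n",
           child_status(SECCOMP_RET_KILL), -SIGSYS);
    printf("SECCOMP_RET_ERRNO -> child status %d (expected 10: EPERM returned)\n",
           child_status(SECCOMP_RET_ERRNO | EPERM));
    return 0;
}
```

Two points are worth noticing when reading the output. With SECCOMP_RET_KILL the child never regains control after the filtered syscall, which is what makes seccomp useful as a last line of defence once a process has been compromised; with SECCOMP_RET_ERRNO the caller sees an ordinary EPERM failure and keeps running, which is the mode to use while developing a policy, since it shows which syscalls a program needs without killing it.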
History
seccomp was first devised by Andrea Arcangeli in January 2005 for use in public
Linux kernel mainline in kernel version 2.6.12, which was released on March 8, 2005.[11]
Software using seccomp or seccomp-bpf
- Android 8.0 Oreo.[12]
- systemd's sandboxing options are based on seccomp.[13]
- KVM uses seccomp on the --sandbox parameter.[14]
- Docker – software that allows applications to run inside isolated containers. Docker can associate a seccomp profile with the container using the --security-opt parameter.
- Arcangeli's CPUShare was the only known user of seccomp for a while.[15] Writing in February 2009, Linus Torvalds expressed doubt whether seccomp was actually used by anyone.[16] However, a Google engineer replied that Google was exploring using seccomp for sandboxing its Chrome web browser.[17][18]
- Firejail is an open source Linux sandbox program that utilizes Linux namespaces, Seccomp, and other kernel-level security features to sandbox Linux and Wine applications.[19]
- As of Chrome version 20, seccomp-bpf is used to sandbox Adobe Flash Player.[20]
- As of Chrome version 23, seccomp-bpf is used to sandbox the renderers.[21]
- vsftpd uses seccomp-bpf sandboxing as of version 3.0.0.[23]
- OpenSSH has supported seccomp-bpf since version 6.0.[9]
- Mbox uses ptrace along with seccomp-bpf to create a secure sandbox with less overhead than ptrace alone.[24]
- LXD, a
- Firefox and Firefox OS, which use seccomp-bpf[27][28]
- Tor supports seccomp since 0.2.5.1-alpha[29]
- Lepton, a Dropbox image compression tool, uses seccomp[30]
- Kafel is a configuration language which converts readable policies into seccomp-bpf bytecode[31]
- Subgraph OS uses seccomp-bpf[32][33]
- Flatpak uses seccomp for process isolation[34]
- Bubblewrap is a lightweight sandbox application developed from Flatpak[35]
- minijail[36] uses seccomp for process isolation[37]
- SydBox uses seccomp-bpf[38] to improve the runtime and security of the ptrace sandboxing used to sandbox package builds on the Exherbo Linux distribution.
- File, a Unix program to determine file types, uses seccomp to restrict its runtime environment[39]
- Zathura, a minimalistic document viewer, uses seccomp filters to implement different sandbox modes[40]
- Tracker, an indexing and preview application for the GNOME desktop environment, uses seccomp to prevent automatic exploitation of parsing vulnerabilities in media files[41]
References
- ^ Linux Programmer's Manual – System Calls: "The seccomp() system call operates on the Secure Computing (seccomp) state"
- ^ Corbet, Jonathan (2015-09-02). "A seccomp overview". lwn. Retrieved 2017-10-05.
- ^ "Documentation/prctl/seccomp_filter.txt". Retrieved 2017-10-05.
- ^ "Linux kernel 3.17, Section 11. Security". kernelnewbies.org. 2013-10-05. Retrieved 2015-03-31.
- ^ "seccomp: add "seccomp" syscall". kernel/git/torvalds/linux.git - Linux kernel source tree. kernel.org. 2014-06-25. Retrieved 2014-08-22.
- ^ Arcangeli, Andrea (2007-06-14). "[PATCH 1 of 2] move seccomp from /proc to a prctl". Retrieved 2013-08-02.
- ^ Tinnes, Julien (2009-05-28). "Time-stamp counter disabling oddities in the Linux kernel". cr0 blog. Retrieved 2013-08-02.
- ^ Corbet, Jonathan (2012-01-11). "Yet another new approach to seccomp". lwn. Retrieved 2013-08-02.
- ^ "Openssh 6.0 release notes". Retrieved 2013-10-14.
- ^ Tinnes, Julien (2012-11-19). "A safer playground for your Linux and Chrome OS renderers". The Chromium Blog. Retrieved 2013-08-02.
- ^ "[PATCH] seccomp: secure computing support". Linux kernel history. Kernel.org git repositories. 2005-03-08. Archived from the original on 2013-04-15. Retrieved 2013-08-02.
- ^ "Seccomp filter in Android O". Android Developers Blog.
- ^ "systemd.exec — Execution environment configuration". freedesktop.org. Retrieved 2017-10-14.
- ^ Otubo, Eduardo (2017-09-15). "QEMU Sandboxing new model pull request". qemu-devel mailing list archive.
- ^ van de Ven, Arjan (2009-02-28). "Re: [stable] [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole". Linux Kernel Mailing List. Retrieved 2013-08-02.
- ^ Torvalds, Linus (2009-02-28). "Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole". Linux Kernel Mailing List. Retrieved 2013-08-02.
- ^ Gutschke, Markus (2009-05-06). "Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole". Retrieved 2013-08-02.
- ^ Gutschke, Markus (2009-05-06). "Re: [PATCH 2/2] x86-64: seccomp: fix 32/64 syscall hole". Linux Kernel Mailing List. Retrieved 2013-08-02.
- ^ "Firejail". Firejail. Retrieved 2016-11-26.
- ^ Evans, Chris (2012-07-04). "Chrome 20 on Linux and Flash sandboxing". Retrieved 2013-08-02.
- ^ Tinnes, Julien (2012-09-06). "Introducing Chrome's next-generation Linux sandbox". cr0 blog. Retrieved 2013-08-02.
- ^ "Snap security policy". Archived from the original on 2017-02-04. Retrieved 2017-02-03.
- ^ Evans, Chris (2012-04-09). "vsftpd-3.0.0 and seccomp filter sandboxing is here!". Retrieved 2013-08-02.
- ^ "MBOX". Retrieved 2014-05-20.
- ^ "LXD an "hypervisor" for containers (based on liblxc)". 4 November 2014. Retrieved 2014-11-08.
- ^ "Where We're Going With LXD". Retrieved 2014-11-08.
- ^ Destuynder, Guillaume (2012-09-13). "Firefox Seccomp sandbox". Mozilla Bugzilla. Retrieved 2015-01-13.
- ^ Destuynder, Guillaume (2012-09-13). "Firefox Seccomp sandbox". Mozilla Wiki. Retrieved 2015-01-13.
- ^ "Tor ChangeLog".
- ^ "Lepton image compression: saving 22% losslessly from images at 15MB/s". Dropbox Tech Blog. Retrieved 2016-07-15.
- ^ "Kafel: A language and library for specifying syscall filtering policies".
- ^ "Subgraph OS". Subgraph. Retrieved 2016-12-18.
- ^ "LoganCIJ16: Future of OS". YouTube. Archived from the original on 2021-12-21. Retrieved 2016-12-18.
- ^ "The flatpak security model – part 1: The basics". Retrieved 2017-01-21.
- ^ "bubblewrap". Retrieved 2018-04-14.
- ^ "Chromium OS Sandboxing - the Chromium Projects".
- ^ "Minijail [LWN.net]". lwn.net. Retrieved 2017-04-11.
- ^ "core/trace/use_seccomp". dev.exherbo.org. Retrieved 2021-05-31.
- ^ "File application Sandboxing". GitHub.
- ^ "Zathura seccomp implementation".
- ^ "Gnome tracker seccomp implementation".
External links
- Official website (Archived)
- Google's Chromium sandbox, LWN.net, August 2009, by Jake Edge
- seccomp-nurse, a sandboxing framework based on seccomp
- Documentation/prctl/seccomp_filter.txt, part of the Linux kernel documentation
- Security In-Depth for Linux Software: Preventing and Mitigating Security Bugs