Back to home page

OSCL-LXR
 
 

     

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * Naive system call dropper built on seccomp_filter.
0004  *
0005  * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
0006  * Author: Will Drewry <wad@chromium.org>
0007  *
0008  * The code may be used by anyone for any purpose,
0009  * and can serve as a starting point for developing
0010  * applications using prctl(PR_SET_SECCOMP, 2, ...).
0011  *
0012  * When run, returns the specified errno for the specified
0013  * system call number against the given architecture.
0014  *
0015  */
0016 
0017 #include <errno.h>
0018 #include <linux/audit.h>
0019 #include <linux/filter.h>
0020 #include <linux/seccomp.h>
0021 #include <linux/unistd.h>
0022 #include <stdio.h>
0023 #include <stddef.h>
0024 #include <stdlib.h>
0025 #include <sys/prctl.h>
0026 #include <unistd.h>
0027 
0028 static int install_filter(int arch, int nr, int error)
0029 {
0030     struct sock_filter filter[] = {
0031         BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
0032              (offsetof(struct seccomp_data, arch))),
0033         BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, arch, 0, 3),
0034         BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
0035              (offsetof(struct seccomp_data, nr))),
0036         BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, nr, 0, 1),
0037         BPF_STMT(BPF_RET+BPF_K,
0038              SECCOMP_RET_ERRNO|(error & SECCOMP_RET_DATA)),
0039         BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
0040     };
0041     struct sock_fprog prog = {
0042         .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
0043         .filter = filter,
0044     };
0045     if (error == -1) {
0046         struct sock_filter kill = BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL);
0047         filter[4] = kill;
0048     }
0049     if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
0050         perror("prctl(NO_NEW_PRIVS)");
0051         return 1;
0052     }
0053     if (prctl(PR_SET_SECCOMP, 2, &prog)) {
0054         perror("prctl(PR_SET_SECCOMP)");
0055         return 1;
0056     }
0057     return 0;
0058 }
0059 
0060 int main(int argc, char **argv)
0061 {
0062     if (argc < 5) {
0063         fprintf(stderr, "Usage:\n"
0064             "dropper <arch> <syscall_nr> <errno> <prog> [<args>]\n"
0065             "Hint:  AUDIT_ARCH_I386: 0x%X\n"
0066             "   AUDIT_ARCH_X86_64: 0x%X\n"
0067             "   errno == -1 means SECCOMP_RET_KILL\n"
0068             "\n", AUDIT_ARCH_I386, AUDIT_ARCH_X86_64);
0069         return 1;
0070     }
0071     if (install_filter(strtol(argv[1], NULL, 0), strtol(argv[2], NULL, 0),
0072                strtol(argv[3], NULL, 0)))
0073         return 1;
0074     execv(argv[4], &argv[4]);
0075     printf("Failed to execv\n");
0076     return 255;
0077 }
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!