security - Disable Linux vsyscall vdso vvar -

-

i implementing linux security sandbox custom bytecode interpreter through seccomp mode. minimize as possible attack surface, want run in clean virtual address space. need code , data segments plus stack available, not need vsyscall, vdso nor vvar.

is there way disable allocation of pages given process?

basically, no, have disable vsyscall/vdso globally if want mapping unavailable. if want program unable call vsyscall/vdso syscalls, seccomp able it. caveats though:

see https://www.kernel.org/doc/documentation/prctl/seccomp_filter.txt

on x86-64, vsyscall emulation enabled default. (vsyscalls legacy variants on vdso calls.) currently, emulated vsyscalls honor seccomp, few oddities:

  • a return value of seccomp_ret_trap set si_call_addr pointing vsyscall entry given call , not address after 'syscall' instruction. code wants restart call should aware (a) ret instruction has been emulated , (b) trying resume syscall again trigger standard vsyscall emulation security checks, making resuming syscall pointless.

  • a return value of seccomp_ret_trace signal tracer usual, syscall may not changed system call using orig_rax register. may changed -1 order skip emulated call. other change may terminate process. rip value seen tracer syscall entry address; different normal behavior. tracer must not modify rip or rsp. (do not rely on other changes terminating process. might work. example, on kernels, choosing syscall exists in future kernels correctly emulated (by returning -enosys).

to detect quirky behavior, check addr & ~0x0c00 == 0xffffffffff600000. (for seccomp_ret_trace, use rip. seccomp_ret_trap, use siginfo->si_call_addr.) not check other condition: future kernels may improve vsyscall emulation , current kernels in vsyscall=native mode behave differently, instructions @ 0xf...f600{0,4,8,c}00 not system calls in these cases.

note modern systems unlikely use vsyscalls @ -- legacy feature , considerably slower standard syscalls. new code use vdso, , vdso-issued system calls indistinguishable normal system calls.

so emulated vsyscalls can confined seccomp, , vdsos likewise confined seccomp. if disable gettimeofday(), confined program not able call syscall through emulated vsyscall, vdso, or regular syscall. if confine them way seccomp, shouldn't have worry attack surface create.

if worried attacker exploiting vdso mapping (which doesn't require calling syscall), don't believe there's way disable on per-process basis reliably. can prevent being linked in, hard prevent compromised bytecode interpreter allocating memory , putting back. can boot vdso=0 kernel parameter disable globally, though, linking in nothing.


Comments

Post a Comment

Popular posts from this blog

mysql - Dreamhost PyCharm Django Python 3 Launching a Site -

-
i'm new python/django , created simple django website using pycharm. site works fine running on computer, i'm lost when comes taking site onto host (dreamhost). i'm able upload files correct directories fine, , believe made correct changes database on mysql. i'm not sure go there though. right now, page shows files rather site. direction appreciated. much! you should not run django application using python manage.py runserver on production. how run application on django depends on server (apache, nginx) want use for apache - https://docs.djangoproject.com/en/1.10/howto/deployment/wsgi/modwsgi/ for nginx - https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-uwsgi-and-nginx-on-ubuntu-14-04 the mysql database should, of course, exist , have correct credentials. or, if choose use sqlite, file should accessible, readable , writable www-user (may different depending on linux distributive)
Read more

java - Sending SMS with SMSLib and Web Services -

-
i have made rest web service send smss using hsdpa usb modem. using smslib in java send smss. every time web service invoked, create gateway start service, send message, stop service , remove gateway. takes 20 seconds each message. found starting service takes lot of time. part of code use send smss service.getinstance().addgateway(gateway); service.getinstance().startservice(); outboundmessage msg = new outboundmessage(phonenumber, message); if (service.getinstance().sendmessage(msg)) { result = "message sent successfully!!"; } else { result = "could not send message."; } service.getinstance().stopservice(); service.getinstance().removegateway(gateway);//remove gateway is there way can start service once if not started , use send message when ever web service invoked? why dont group messages , send in 1 go? service.getinstance().sendmessages(messa...
Read more

java - How to resolve The method toString() in the type Object is not applicable for the arguments (InputStream) -

-
i'm trying read json file local machine. @path("/") public class jsonparsing { file f = new file("file.json"); if (f.exists()){ inputstream = new fileinputstream("file.json"); string jsontxt = ioutils.tostring(is); system.out.println(jsontxt); jsonobject json = new jsonobject(jsontxt); string = json.getstring("1000"); system.out.println(a); } } but i'm getting error in tostring() method. possible read .txt file containing json object local machine? if possible, how done? firstly: whenever ask question- add imports well. secondly: yes possible read .txt file containing json object. steps: 1. add maven dependency in pom.xml - <dependency> <groupid>com.googlecode.json-simple</groupid> <artifactid>json-simple</artifactid> <version>1.1.1</version> </dependency> or add jar of dependency. 2.import...
Read more