Conversation

Aug 22, 2019

Wow. I can't believe anyone even bothered adding seccomp to libmagic file(1). ... "file sets up its sandbox early and thus has to allow a ton of system calls (including open and write) ... this sandbox is somewhat useless, because it is way too weak."

lwn.net

Hardening the "file" utility for Debian

The file command would seem to be an ideal candidate for sandboxing; it routinely handles untrusted input. But an effort to add seccomp() filtering to file for Debian has run aground. The upstream...

Replying to

Yeah, the seccomp filter in file is beyond useless. I looked into trying to fix it (e.g. using classic seccomp, to allow only I/O on files already open), but it's not trivial. This was from a distro I used to work. I almost used your portable version of the OpenBSD file, but...

Replying to

and

... couldn't risk breaking anything with subtle differences in output. Merely enabling seccomp broke things because the allocator in that distro is patched to mprotect() to enable huge pages in some cases, for instance...

Replying to

and

The way they're using seccomp-bpf only makes sense as kernel attack surface reduction as a secondary layer in a sandbox. It's certainly possible to make a good sandbox directly with seccomp-bpf alone but the software has to be built around a privilege separation model.

Replying to

and

It doesn't really make sense to use the mode 1 seccomp since you can use seccomp-bpf to do the same thing and you don't run into the inability to support malloc (mmap, mprotect, munmap) if needed, threads (if applicable), etc. It can definitely make a proper sandbox alone.

5:02 PM · Aug 22, 2019Twitter Web App

Replying to

and

If the software isn't ported to a proper privilege separation design, they need to be using something like namespaces for a semantic layer sandbox with seccomp-bpf as a secondary layer. That's how the Chromium sandbox works, but even then it doesn't allow system calls like open.