seccomp-tools 0.1.0
- checksums.yaml +7 -0
- data/README.md +151 -0
- data/bin/seccomp-tools +5 -0
- data/ext/ptrace/extconf.rb +5 -0
- data/ext/ptrace/ptrace.c +76 -0
- data/lib/seccomp-tools.rb +8 -0
- data/lib/seccomp-tools/bpf.rb +71 -0
- data/lib/seccomp-tools/cli/base.rb +67 -0
- data/lib/seccomp-tools/cli/cli.rb +72 -0
- data/lib/seccomp-tools/cli/disasm.rb +41 -0
- data/lib/seccomp-tools/cli/dump.rb +66 -0
- data/lib/seccomp-tools/const.rb +112 -0
- data/lib/seccomp-tools/consts/amd64.rb +335 -0
- data/lib/seccomp-tools/consts/i386.rb +382 -0
- data/lib/seccomp-tools/context.rb +31 -0
- data/lib/seccomp-tools/disasm.rb +37 -0
- data/lib/seccomp-tools/dumper.rb +128 -0
- data/lib/seccomp-tools/instruction/alu.rb +42 -0
- data/lib/seccomp-tools/instruction/base.rb +30 -0
- data/lib/seccomp-tools/instruction/instruction.rb +8 -0
- data/lib/seccomp-tools/instruction/jmp.rb +76 -0
- data/lib/seccomp-tools/instruction/ld.rb +69 -0
- data/lib/seccomp-tools/instruction/ldx.rb +14 -0
- data/lib/seccomp-tools/instruction/misc.rb +24 -0
- data/lib/seccomp-tools/instruction/ret.rb +19 -0
- data/lib/seccomp-tools/instruction/st.rb +20 -0
- data/lib/seccomp-tools/instruction/stx.rb +14 -0
- data/lib/seccomp-tools/syscall.rb +67 -0
- data/lib/seccomp-tools/util.rb +54 -0
- data/lib/seccomp-tools/version.rb +4 -0
- metadata +173 -0
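--- a/data/lib/seccomp-tools/syscall.rb
+++ b/data/lib/seccomp-tools/syscall.rb
@@ -0,0 +1,67 @@
+require 'seccomp-tools/const'
+require 'seccomp-tools/ptrace'
+
+module SeccompTools
+  # Record syscall number, arguments, return value.
+  class Syscall
+    # Syscall arguments offset of +struct user+ in different arch.
+    ABI = {
+      amd64: { number: 120, args: [112, 104, 96, 56, 72, 44], ret: 80, SYS_prctl: 157 },
+      i386: { number: 120, args: [40, 88, 96, 104, 112, 32], ret: 80, SYS_prctl: 172 }
+    }.freeze
+
+    attr_reader :pid, :abi, :number, :args, :ret
+    # @param [String] pid
+    #   Process-id.
+    def initialize(pid)
+      @pid = pid
+      raise ArgumentError, "Only supports #{ABI.keys.join(', ')}" if ABI[arch].nil?
+      @abi = ABI[arch]
+      @number = peek(abi[:number])
+      @args = abi[:args].map { |off| peek(off) }
+      @ret = peek(abi[:ret])
+    end
+
+    # Is this a +prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, addr)+ syscall?
+    # @return [Boolean]
+    #   +true+ for is a seccomp installation syscall.
+    def set_seccomp?
+      # TODO: handle SECCOMP_MODE_STRICT
+      number == abi[:SYS_prctl] && args[0] == Const::BPF::PR_SET_SECCOMP && args[1] == Const::BPF::SECCOMP_MODE_FILTER
+    end
+
+    # Dump bpf byte from +args[2]+.
+    # @return [String]
+    def dump_bpf
+      addr = args[2]
+      len = Ptrace.peekdata(pid, addr, 0) & 0xffff # len is unsigned short
+      filter = Ptrace.peekdata(pid, addr + bits / 8, 0) & ((1 << bits) - 1)
+      Array.new(len) { |i| Ptrace.peekdata(pid, filter + i * 8, 0) }.pack('Q*')
+    end
+
+    # @return [Symbol]
+    #   Architecture of this syscall.
+    def arch
+      @arch ||= File.open("/proc/#{pid}/exe", 'rb') do |f|
+        f.pos = 4
+        case f.read(1).ord
+        when 1 then :i386
+        when 2 then :amd64
+        end
+      end
+    end
+
+    private
+
+    def bits
+      case arch
+      when :i386 then 32
+      when :amd64 then 64
+      end
+    end
+
+    def peek(offset)
+      Ptrace.peekuser(pid, offset, 0)
+    end
+  end
+end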
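Review bot: `arch` (hunk lines 44-51) decides between :i386 and :amd64 from EI_CLASS alone (the byte at offset 4), which only distinguishes 32-bit from 64-bit ELF; a 64-bit binary for any other machine maps to :amd64, so the x86 `struct user` offsets in ABI are read from the wrong registers instead of tripping the ArgumentError in `initialize`. Reading the 16-bit little-endian `e_machine` field at offset 18 (3 = EM_386, 62 = EM_X86_64) identifies the ISA rather than just the word size and leaves the existing `ABI[arch].nil?` guard to reject everything else; the `to_s` below also keeps a truncated header on that ArgumentError path instead of a NoMethodError from `f.read` returning nil. A minor robustness point in `dump_bpf`: `len` is trusted up to 0xffff, while the kernel caps a filter at BPF_MAXINSNS (4096) instructions, so rejecting larger values before the read loop would avoid tens of thousands of ptrace reads on a bogus `sock_fprog` (the failure behaviour of the peekdata extension is not visible here).
```ruby
    def arch
      @arch ||= File.open("/proc/#{pid}/exe", 'rb') do |f|
        f.pos = 18 # e_machine: 16-bit little-endian ISA id in the ELF header
        case f.read(2).to_s.unpack('v').first
        when 3 then :i386   # EM_386
        when 62 then :amd64 # EM_X86_64
        end
      end
    end
```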
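--- a/data/lib/seccomp-tools/util.rb
+++ b/data/lib/seccomp-tools/util.rb
@@ -0,0 +1,54 @@
+module SeccompTools
+  # Define utility methods.
+  module Util
+    module_function
+
+    # Get currently supported architectures.
+    # @return [Array<Symbol>]
+    #   Architectures.
+    def supported_archs
+      @archs ||= Dir.glob(File.join(__dir__, 'consts', '*.rb')).map { |f| File.basename(f, '.rb').to_sym }.sort
+    end
+
+    # Detect system architecture.
+    # @return [Symbol]
+    def system_arch
+      case RbConfig::CONFIG['host_cpu']
+      when /x86_64/ then :amd64
+      when /i386/ then :i386
+      else :unknown
+      end
+    end
+
+    def disable_color!
+      @disable_color = true
+    end
+
+    # Is colorize enabled?
+    # @return [Boolean]
+    def colorize_enabled?
+      !@disable_color && $stdout.tty?
+    end
+
+    # Color codes for pretty print.
+    COLOR_CODE = {
+      esc_m: "\e[0m",
+      syscall: "\e[38;5;120m", # light green
+      arch: "\e[38;5;230m" # light yellow
+    }.freeze
+    # Wrapper color codes.
+    # @param [String] s
+    #   Contents to wrapper.
+    # @param [Symbol?] sev
+    #   Specific which kind of color to use, valid symbols are defined in +#COLOR_CODE+.
+    # @return [String]
+    #   Wrapper with color codes.
+    def colorize(s, t: nil)
+      s = s.to_s
+      return s unless colorize_enabled?
+      cc = COLOR_CODE
+      color = cc[t]
+      "#{color}#{s.sub(cc[:esc_m], color)}#{cc[:esc_m]}"
+    end
+  end
+end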
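Review bot: The YARD block above `colorize` documents a parameter `sev` (hunk line 42) but the signature takes the keyword `t:`, so the generated docs name an argument callers cannot pass; the tag should read `# @param [Symbol?] t`. In `system_arch`, `when /i386/` misses the `i686` value RbConfig commonly reports for 32-bit x86 builds, so those hosts fall through to :unknown; `when /i[3-6]86/ then :i386` covers them. `colorize` re-applies the color with `s.sub(cc[:esc_m], color)`, which replaces only the first reset sequence, so a string that already contains two colorized fragments loses its color after the second reset — `gsub` is presumably the intent if nested coloring is expected. `disable_color!` also has no doc comment; `# Turn off color output for the rest of the process.` would match the surrounding YARD style.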
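--- a/metadata
+++ b/metadata
@@ -0,0 +1,173 @@
+--- !ruby/object:Gem::Specification
+name: seccomp-tools
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- david942j
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2017-06-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: ''
+email:
+- david942j@gmail.com
+executables:
+- seccomp-tools
+extensions:
+- ext/ptrace/extconf.rb
+extra_rdoc_files: []
+files:
+- README.md
+- bin/seccomp-tools
+- ext/ptrace/extconf.rb
+- ext/ptrace/ptrace.c
+- lib/seccomp-tools.rb
+- lib/seccomp-tools/bpf.rb
+- lib/seccomp-tools/cli/base.rb
+- lib/seccomp-tools/cli/cli.rb
+- lib/seccomp-tools/cli/disasm.rb
+- lib/seccomp-tools/cli/dump.rb
+- lib/seccomp-tools/const.rb
+- lib/seccomp-tools/consts/amd64.rb
+- lib/seccomp-tools/consts/i386.rb
+- lib/seccomp-tools/context.rb
+- lib/seccomp-tools/disasm.rb
+- lib/seccomp-tools/dumper.rb
+- lib/seccomp-tools/instruction/alu.rb
+- lib/seccomp-tools/instruction/base.rb
+- lib/seccomp-tools/instruction/instruction.rb
+- lib/seccomp-tools/instruction/jmp.rb
+- lib/seccomp-tools/instruction/ld.rb
+- lib/seccomp-tools/instruction/ldx.rb
+- lib/seccomp-tools/instruction/misc.rb
+- lib/seccomp-tools/instruction/ret.rb
+- lib/seccomp-tools/instruction/st.rb
+- lib/seccomp-tools/instruction/stx.rb
+- lib/seccomp-tools/syscall.rb
+- lib/seccomp-tools/util.rb
+- lib/seccomp-tools/version.rb
+homepage: https://github.com/david942j/seccomp-tools
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.10
+signing_key:
+specification_version: 4
+summary: seccomp-tools
+test_files: []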