diff options
| author |  Benjamin Barenblat <bbaren@google.com> | 2019-12-03 09:17:35 -0500 |
|---|---|---|
| committer | Benjamin Barenblat <bbaren@google.com> | 2019-12-03 09:51:06 -0500 |
| commit | 22a59d2d8b48cb2762362bd71e24293a53bca09a (patch) | |
| tree | 2658f134b28d211346bce6576f087aacd184acf2 /zhm/Makefile.in | |
| parent | 44041648e79f1a3d0f46903ad84ebcd5261d0c98 (diff) | |
Add a basic seccomp profile to zhm
Prevent zhm from doing some evil things while it runs (e.g., ptracing)
by implementing a basic seccomp-bpf filter. The filter still allows a
lot of potentially dangerous operations (e.g., unlink(2)), but this is
a good start.
The filter is based partly on a close reading of the zhm and libhesiod
source code and partly on empirical evidence from running zhm under
strace. I’ve run zhm with this filter for several days without
incident, but some edge cases (e.g., server failover) are still
untested.
configure decides whether or not to enable seccomp by looking for
libseccomp. By default, it treats seccomp as an enhancement and enables
it opportunistically. Builders can force seccomp to be enabled or
disabled by passing --with-seccomp or --without-seccomp, respectively,
to configure.
Diffstat (limited to 'zhm/Makefile.in')
| -rw-r--r-- | zhm/Makefile.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/zhm/Makefile.in b/zhm/Makefile.in index 77bf2c0..3284bd3 100644 --- a/zhm/Makefile.in +++ b/zhm/Makefile.in @@ -33,13 +33,14 @@ CFLAGS=@CFLAGS@ ALL_CFLAGS=${CFLAGS} -I${top_srcdir}/h -I${BUILDTOP}/h ${CPPFLAGS} LDFLAGS=@LDFLAGS@ HESIOD_LIBS=@HESIOD_LIBS@ +SECCOMP_LIBS=@SECCOMP_LIBS@ OBJS= timer.o queue.o zhm.o zhm_client.o zhm_server.o all: zhm zhm.8 zhm: ${OBJS} ${LIBZEPHYR} - ${LIBTOOL} --mode=link ${CC} ${LDFLAGS} -o $@ ${OBJS} ${LIBZEPHYR} ${HESIOD_LIBS} -lcom_err + ${LIBTOOL} --mode=link ${CC} ${LDFLAGS} -o $@ ${OBJS} ${LIBZEPHYR} ${HESIOD_LIBS} -lcom_err ${SECCOMP_LIBS} zhm.8: ${srcdir}/zhm.8.in Makefile ${editman} ${srcdir}/$@.in > $@.tmp |