From 22a59d2d8b48cb2762362bd71e24293a53bca09a Mon Sep 17 00:00:00 2001
From: Benjamin Barenblat
Date: Tue, 3 Dec 2019 09:17:35 -0500
Subject: Add a basic seccomp profile to zhm
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prevent zhm from doing some evil things while it runs (e.g., ptracing) by implementing a basic seccomp-bpf filter. The filter still allows a lot of potentially dangerous operations (e.g., unlink(2)), but this is a good start. The filter is based partly on a close reading of the zhm and libhesiod source code and partly on empirical evidence from running zhm under strace. I’ve run zhm with this filter for several days without incident, but some edge cases (e.g., server failover) are still untested. configure decides whether or not to enable seccomp by looking for libseccomp. By default, it treats seccomp as an enhancement and enables it opportunistically. Builders can force seccomp to be enabled or disabled by passing --with-seccomp or --without-seccomp, respectively, to configure.
---
 configure.ac | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
(limited to 'configure.ac')
diff --git a/configure.ac b/configure.ac
index dd0dc5a..cb0d568 100644
--- a/configure.ac
+++ b/configure.ac
@@ -264,7 +264,27 @@ if test "x$with_ares" != "xno"; then
 AC_MSG_ERROR(libcares not found)))
 fi
 AC_SUBST(ARES_LIBS)
-
+
+AC_ARG_WITH(seccomp,
+ [AS_HELP_STRING([--without-seccomp], [Disable seccomp])
+AS_HELP_STRING([--with-seccomp=PREFIX], [Specify location of libseccomp])],
+ [seccomp="$withval"], [seccomp=maybe])
+AS_IF([test "x$seccomp" != "xno"], [
+ AS_IF([test "x$seccomp" != "xyes" && test "x$seccomp" != "xmaybe"], [
+ CPPFLAGS="$CPPFLAGS -I$seccomp/include"
+ LDFLAGS="$LDFLAGS -I$seccomp/lib"
+ ])
+ AC_CHECK_LIB(seccomp, seccomp_init, [
+ SECCOMP_LIBS="-lseccomp"
+ AC_DEFINE(HAVE_SECCOMP, 1,
+ [Define to compile with libseccomp support.])
+ ], [
+ AS_IF([test "x$seccomp" != "xmaybe"],
+ AC_MSG_ERROR([libseccomp not found]))
+ ])
+])
+AC_SUBST(SECCOMP_LIBS)
+
 AC_PROG_GCC_TRADITIONAL
 AC_FUNC_VPRINTF
 AC_FUNC_GETPGRP
-- 
cgit v1.2.3
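Review bot: The added `LDFLAGS="$LDFLAGS -I$seccomp/lib"` line passes an include-path flag where a library search path is needed, so `--with-seccomp=PREFIX` will not make `AC_CHECK_LIB` find a libseccomp installed under PREFIX; it should read `LDFLAGS="$LDFLAGS -L$seccomp/lib"`. Separately, in the default `maybe` case a missing library leaves `HAVE_SECCOMP` undefined without any message, so a build can ship without the filter unnoticed. Adding `AC_MSG_WARN([libseccomp not found; building without the seccomp filter])` to the not-found branch when `$seccomp` is `maybe` would make the missing hardening visible in the configure output. The check also only probes for the library symbol `seccomp_init`, so it may be worth confirming that the header is found under the same prefix.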