1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
// reboot() syscall - System Reboot/Halt Attack
//
// WHY REBOOT IS DANGEROUS:
// The reboot() syscall can halt, reboot, or suspend the entire system.
// Even though it normally requires CAP_SYS_BOOT, a sandbox that doesn't
// block it at the seccomp level could be vulnerable if capabilities
// are misconfigured.
//
// POSSIBLE ACTIONS:
// - LINUX_REBOOT_CMD_RESTART: Reboot the system
// - LINUX_REBOOT_CMD_HALT: Halt the system
// - LINUX_REBOOT_CMD_POWER_OFF: Power off the system
// - LINUX_REBOOT_CMD_CAD_ON: Enable Ctrl-Alt-Del
// - LINUX_REBOOT_CMD_KEXEC: Execute new kernel
//
// ATTACK SCENARIO:
// 1. Sandbox with capability leak or user namespace root
// 2. Attacker calls reboot() with LINUX_REBOOT_CMD_HALT
// 3. Entire host system halts - denial of service
//
// WHY BLOCK IT:
// 1. No legitimate use case for rebooting from sandboxed code
// 2. Potential DoS if capabilities are misconfigured
// 3. Defense in depth - don't rely solely on capabilities
// 4. Easy to block with no compatibility impact
//
// WHY THIS PAYLOAD:
// This payload attempts to call reboot(). A secure sandbox must
// block this syscall entirely via seccomp as defense in depth.
//
// EXPECTED RESULT:
// Sandbox should kill the process with SIGSYS (signal 31) when
// reboot() is attempted, as it's not in the syscall whitelist.
//
// REFERENCES:
// - https://man7.org/linux/man-pages/man2/reboot.2.html
// - Docker blocks reboot: https://docs.docker.com/engine/security/seccomp/
//
// Magic values required by reboot()
int