Module security
Available on crate feature security and Linux and (x86-64 or AArch64) only.
Security-related features.
Syscall sandboxing
seccomp (secure computing mode) is the Linux kernel's syscall sandboxing facility. It lets a process install a filter that hooks the syscalls the application makes and applies an action to each of them, such as blocking or logging it. The effect is an additional fence against attacks such as arbitrary code execution: even code that gains control of the process can only reach the kernel through the syscalls the filter permits.
seccomp filtering is applied to the thread in which enable_syscall_sandboxing was called and to all threads spawned by that thread afterwards; threads that already exist are not covered. Therefore, enabling seccomp early in the main function, before any worker threads are spawned, enables it for the whole process.
All syscalls are considered a security violation by default, and the chosen ViolationAction is performed whenever one of them is encountered. The application must pass a list of exception Rules to enable_syscall_sandboxing for the syscalls it considers safe to use; anything not covered by a rule is treated as a violation. The crate provides a few common_syscall_allow_lists to simplify configuration.
Foundations compiles libseccomp itself and links it statically, so the library doesn't need to be installed on the system.
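The model described above in working code, as an added example that is not foundations' own code: it builds the same kind of deny-by-default seccomp-BPF filter that enable_syscall_sandboxing loads through libseccomp, using only std and the kernel's prctl interface. The `Rule` and `ViolationAction` enums, the `nr` syscall table, and every function in it are stand-ins written for this example, not the crate's API (the crate's `Rule` also carries argument comparators via `ArgCmp`, which this example omits). A small interpreter reports what the policy would decide for a given syscall before the filter is installed, which is the check worth running before committing to a kill-the-process action.

```rust
// Added example for this page, not foundations' code: a hand-rolled seccomp-BPF allow list showing
// the kernel mechanism that enable_syscall_sandboxing wraps through libseccomp. `Rule`, `ViolationAction`
// and the syscall-number table are local stand-ins/subsets, not the crate's. Linux, x86-64 or AArch64, std only.
use std::io;
/// One classic-BPF instruction, laid out like the kernel's `struct sock_filter`.
#[repr(C)] #[derive(Clone, Copy, Debug)]
pub struct SockFilter { pub code: u16, pub jt: u8, pub jf: u8, pub k: u32 }
#[repr(C)] struct SockFprog { len: u16, filter: *const SockFilter }

// Opcodes, return values and seccomp_data offsets from <linux/filter.h> and <linux/seccomp.h>.
pub const LD_W_ABS: u16 = 0x20; // BPF_LD | BPF_W | BPF_ABS
pub const JEQ_K: u16 = 0x15; // BPF_JMP | BPF_JEQ | BPF_K
pub const RET_K: u16 = 0x06; // BPF_RET | BPF_K
pub const RET_KILL_PROCESS: u32 = 0x8000_0000;
pub const RET_ERRNO: u32 = 0x0005_0000; // low 16 bits carry the errno
pub const RET_LOG: u32 = 0x7ffc_0000;
pub const RET_ALLOW: u32 = 0x7fff_0000;
const DATA_NR: u32 = 0; // offset of `nr` in struct seccomp_data
const DATA_ARCH: u32 = 4; // offset of `arch`
#[cfg(target_arch = "x86_64")] pub const AUDIT_ARCH: u32 = 0xc000_003e; // AUDIT_ARCH_X86_64
#[cfg(target_arch = "aarch64")] pub const AUDIT_ARCH: u32 = 0xc000_00b7; // AUDIT_ARCH_AARCH64

/// Hand-written subset of syscall numbers (x86-64 table; asm-generic table on AArch64).
#[cfg(target_arch = "x86_64")]
pub mod nr {
    pub const WRITE: u32 = 1; pub const MMAP: u32 = 9; pub const MUNMAP: u32 = 11; pub const BRK: u32 = 12;
    pub const RT_SIGPROCMASK: u32 = 14; pub const MADVISE: u32 = 28; pub const GETPID: u32 = 39;
    pub const SIGALTSTACK: u32 = 131; pub const FUTEX: u32 = 202; pub const EXIT_GROUP: u32 = 231; pub const OPENAT: u32 = 257;
}
#[cfg(target_arch = "aarch64")]
pub mod nr {
    pub const OPENAT: u32 = 56; pub const WRITE: u32 = 64; pub const EXIT_GROUP: u32 = 94; pub const FUTEX: u32 = 98;
    pub const SIGALTSTACK: u32 = 132; pub const RT_SIGPROCMASK: u32 = 135; pub const GETPID: u32 = 172;
    pub const BRK: u32 = 214; pub const MUNMAP: u32 = 215; pub const MMAP: u32 = 222; pub const MADVISE: u32 = 233;
}

/// Stand-in for the page's `Rule`: an exception to the deny-by-default policy.
#[derive(Clone, Copy, Debug)] pub enum Rule { Allow(u32), ReturnError(u32, u16) }
/// Stand-in for the page's `ViolationAction`: the fate of any syscall no rule matched.
#[derive(Clone, Copy, Debug)] pub enum ViolationAction { KillProcess, AllowAndLog }
fn insn(code: u16, jt: u8, jf: u8, k: u32) -> SockFilter { SockFilter { code, jt, jf, k } }

/// Compile the policy: architecture check, one (JEQ, RET) pair per rule, then the violation action
/// as the fall-through. Nothing is allowed unless a rule says so.
pub fn build_filter(violation: ViolationAction, rules: &[Rule]) -> Vec<SockFilter> {
    let mut p = vec![
        insn(LD_W_ABS, 0, 0, DATA_ARCH), insn(JEQ_K, 1, 0, AUDIT_ARCH), // expected ABI: skip the kill
        insn(RET_K, 0, 0, RET_KILL_PROCESS), // other ABI (e.g. i386 compat): kill, never consult rules
        insn(LD_W_ABS, 0, 0, DATA_NR),
    ];
    for rule in rules {
        let (n, ret) = match *rule {
            Rule::Allow(n) => (n, RET_ALLOW),
            Rule::ReturnError(n, errno) => (n, RET_ERRNO | u32::from(errno)),
        };
        p.push(insn(JEQ_K, 0, 1, n)); // match: fall into the RET; otherwise skip it
        p.push(insn(RET_K, 0, 0, ret));
    }
    let fall = match violation { ViolationAction::KillProcess => RET_KILL_PROCESS, ViolationAction::AllowAndLog => RET_LOG };
    p.push(insn(RET_K, 0, 0, fall));
    p
}

/// Tiny interpreter for the three opcodes build_filter emits, so a policy can be checked offline
/// before it is loaded. Returns the seccomp return value for (arch, nr).
pub fn evaluate(prog: &[SockFilter], arch: u32, nr: u32) -> u32 {
    let (mut pc, mut acc) = (0usize, 0u32);
    loop {
        let i = prog[pc]; pc += 1;
        match i.code {
            LD_W_ABS => acc = if i.k == DATA_ARCH { arch } else { nr },
            JEQ_K => pc += usize::from(if acc == i.k { i.jt } else { i.jf }),
            RET_K => return i.k,
            other => panic!("opcode {other:#x} not handled by this interpreter"),
        }
    }
}

unsafe extern "C" { fn prctl(option: i32, ...) -> i32; }
const PR_SET_SECCOMP: i32 = 22; const PR_SET_NO_NEW_PRIVS: i32 = 38; const SECCOMP_MODE_FILTER: usize = 2;

/// Load the filter on the calling thread. As the page says of foundations, it then also covers every
/// thread (and child process) this thread creates later, because the kernel copies the filter across
/// clone/fork/execve; threads that already exist are not covered, and a loaded filter cannot be removed.
pub fn install(prog: &[SockFilter]) -> io::Result<()> {
    let fprog = SockFprog { len: prog.len() as u16, filter: prog.as_ptr() };
    // SAFETY: plain prctl calls; the kernel copies `fprog` before prctl returns. no_new_privs is
    // required to load a filter unprivileged and also stops a setuid execve from shedding it.
    let ok = unsafe {
        prctl(PR_SET_NO_NEW_PRIVS, 1usize, 0usize, 0usize, 0usize) == 0
            && prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog as *const SockFprog, 0usize, 0usize) == 0
    };
    if ok { Ok(()) } else { Err(io::Error::last_os_error()) }
}

fn main() -> io::Result<()> {
    use Rule::{Allow, ReturnError};
    // A hand-picked minimum for a Rust program that prints and exits (it may need extending on another
    // libc/std version). openat is answered with EACCES (13) instead of a kill so the refusal is visible;
    // anything else without a rule, e.g. getpid behind std::process::id(), ends the process with SIGSYS.
    let rules = [Allow(nr::WRITE), Allow(nr::MMAP), Allow(nr::MUNMAP), Allow(nr::BRK), Allow(nr::MADVISE),
        Allow(nr::FUTEX), Allow(nr::RT_SIGPROCMASK), Allow(nr::SIGALTSTACK), Allow(nr::EXIT_GROUP), ReturnError(nr::OPENAT, 13)];
    let prog = build_filter(ViolationAction::KillProcess, &rules);
    println!("{} insns; openat -> {:#x}, getpid -> {:#x}", prog.len(), evaluate(&prog, AUDIT_ARCH, nr::OPENAT), evaluate(&prog, AUDIT_ARCH, nr::GETPID));
    install(&prog)?;
    println!("open after sandboxing: {:?}", std::fs::File::open("/etc/hostname").map(|_| ()).map_err(|e| e.kind()));
    Ok(())
}
```

Two things the example makes concrete about the model on this page. A filter is per thread and inherited only by threads created after it is loaded, so it belongs at the top of main, before any runtime or worker threads exist. And the allow list is the hard part: a syscall the runtime makes only on an unusual path (here, the cleanup calls std makes on exit) is a kill with KillProcess, which is why it pays to evaluate the policy offline against the syscall numbers you expect and to run it first under the log-only action, where every unlisted call is let through and recorded in the kernel audit log, before switching to KillProcess.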
Simple case Spectre mitigation for x86_64 processors
One of the simplest Spectre attack vectors is to use the x86_64 time stamp counter as the high-resolution timer for the cache-timing side channel. foundations provides the forbid_x86_64_cpu_cycle_counter function, which disallows use of the counter in the process, so any attempt to read it, whether by malicious code or otherwise, causes process termination. Because the restriction applies to the whole process, check that no library the service links reads the counter for its own timing before enabling it.
Modules
- common_syscall_allow_lists: Predefined allow lists of syscalls for commonly used operations.

Macros
- allow_list: A convenience macro for constructing documented lists of Rule::Allow rules.

Structs
- ArgCmpValue: A value to compare syscall arguments with in comparators.

Enums
- ArgCmp: Syscall argument comparators to be used in Rule.
- Rule: A syscall exception rule to be provided to enable_syscall_sandboxing.
- Syscall (x86-64 only): Linux syscalls.
- ViolationAction: An action to be taken on seccomp sandbox violation.

Functions
- enable_syscall_sandboxing: Enables seccomp-based syscall sandboxing in the current thread and all the threads spawned by it.
- forbid_x86_64_cpu_cycle_counter (x86-64 only): Forbids usage of the x86_64 CPU cycle counter for Spectre mitigation.
- is_syscall_sandboxing_enabled_for_current_thread: Returns whether the current thread has syscall sandboxing (seccomp) enabled.

Type Aliases
- RawOsErrorNum: A raw OS error code to be returned by Rule::ReturnError.