SlideShare a Scribd company logo

Pledge in OpenBSD

Giovanni Bechis
Giovanni Bechis

Pledge is a new mitigation technique available in the OpenBSD operating system. It is used to disable system calls a process is not allowed to call.

Software
1 of 18
Download to read offline
pledge(2): mitigating security bugs Giovanni Bechis <giovanni@openbsd.org> pkgsrcCon 2017, London
About Me sys admin and developer @SNB OpenBSD developer Open Source developer in several other projects
Mitigations stack protector ASLR WˆX priv-sep and priv-drop
dangerous system calls Disable system calls a process should not call SE Linux seccomp Capsicum systrace pledge(2)
pledge(2) introduced in OpenBSD 5.8 as tame(2), than renamed to pledge(2) around 500 programs with pledge(2) support in base around 50 ports patched to have pledge(2) support (unzip, mutt, memcached, chromium, ...)
pledge(2) A new way of approaching the problem study the program figure out all syscalls the program needs promise only the operations that are really needed ktrace(1) and gdb(1) if something goes wrong
pledge(2) program is annotated with pledge(2) calls/promises kernel enforces annotations and kills the program that does not respect promises
pledge(2) promises #include <unistd.h> int pledge(const char *promises, const char *paths[]); ””: exit(2) stdio: malloc + rw stdio rpath, wpath, cpath, tmppath: open files fattr: explicit changes to ”fd” (chmod & friends) unix, inet: open sockets dns: dns requests route: routing operations sendfd: sends file descriptors via sendmsg(2) recvfd: receive file descriptors via recvmsg(2) getpw: passwd/group file access ioctl: small subset of ioctls is permitted tty: subset of ioctl for tty operations proc: fork(2), vfork(2), kill(2) and other processes related operations exec: execve(2) is allowed to create another process which will be unpledged settime: allows to set the system time pf: allows a subset of ioctl(2) operations on pf(4) device
pledge(2) logging dmesg(8) on OpenBSD ≤ 6.1 lastcomm(1) and daily(8) on OpenBSD ≥ 6.2 (with accounting enabled)
pledge(2) logging rm - giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.00) ls - giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.00) rm - giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.00) hello -DXP giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.16) cc - giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.64)
pledge(2) logging From root@bigio.paclan.it Sat Jun 17 16:08:46 2017 Delivered-To: root@bigio.paclan.it From: Charlie Root <root@bigio.paclan.it> To: root@bigio.paclan.it Subject: bigio.paclan.it daily output OpenBSD 6.1-current (GENERIC) #1: Fri Jun 16 22:37:23 CEST 2017 giovanni@bigio.paclan.it:/usr/src/sys/arch/amd64/compile/GENERIC 4:08PM up 35 mins, 3 users, load averages: 0.26, 0.13, 0.10 Purging accounting records: hello -DXP giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.16)
let’s hack #include <stdio.h> #include <unistd.h> int main(int argc, char **argv) { FILE *fd; if(pledge("stdio", NULL) != -1) { printf("Hello pkgsrcCon !n"); if((fd = fopen("/etc/passwd", "r"))) { printf("Passwd file openedn"); fclose(fd); } return 1; } else { return 0; } }
let’s hack use OpenBSD::Pledge; my $file = "/usr/share/dict/words"; pledge(qw( rpath )) || die "Unable to pledge: $!"; open my $fh, ’<’, $file or die "Unable to open $file: $!n"; while ( readline($fh) ) { print if /pledge/i; } close $fh; system("ls");
let’s hack Index: worms.c =================================================================== RCS file: /var/cvs/src/games/worms/worms.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -p -r1.22 -r1.23 --- worms.c 18 Feb 2015 23:16:08 -0000 1.22 +++ worms.c 21 Nov 2015 05:29:42 -0000 1.23 @@ -1,4 +1,4 @@ -/* $OpenBSD: worms.c,v 1.22 2015/02/18 23:16:08 tedu Exp $ */ +/* $OpenBSD: worms.c,v 1.23 2015/11/21 05:29:42 deraadt Exp $ */ /* * Copyright (c) 1980, 1993 @@ -182,6 +182,9 @@ main(int argc, char *argv[]) struct termios term; speed_t speed; time_t delay = 0; + + if (pledge("stdio rpath tty", NULL) == -1) + err(1, "pledge"); /* set default delay based on terminal baud rate */ if (tcgetattr(STDOUT_FILENO, &term) == 0 &&
let’s hack, ports(7) $OpenBSD: patch-memcached_c,v 1.11 2016/09/02 14:20:31 giovanni Exp $ --- memcached.c.orig Fri Jun 24 19:41:24 2016 +++ memcached.c Thu Jun 30 00:02:09 2016 @@ -23,6 +23,7 @@ #include <sys/uio.h> #include <ctype.h> #include <stdarg.h> +#include <unistd.h> /* some POSIX systems need the following definition * to get mlockall flags out of sys/mman.h. */ @@ -6100,6 +6101,32 @@ int main (int argc, char **argv) { if (pid_file != NULL) { save_pid(pid_file); + } + + if (settings.socketpath != NULL) { + if (pid_file != NULL) { + if (pledge("stdio cpath unix", NULL) == -1) { + fprintf(stderr, "%s: pledge: %sn", argv[0], strerror(errno)); + exit(1); + } + } else { + if (pledge("stdio unix", NULL) == -1) { + fprintf(stderr, "%s: pledge: %sn", argv[0], strerror(errno)); + exit(1); + } + } + } else { + if (pid_file != NULL) { + if (pledge("stdio cpath inet", NULL) == -1) { + fprintf(stderr, "%s: pledge: %sn", argv[0], strerror(errno)); + exit(1); + } + } else { + if (pledge("stdio inet", NULL) == -1) { + fprintf(stderr, "%s: pledge: %sn", argv[0], strerror(errno)); + exit(1); + } + } } /* Drop privileges no longer needed */
what to do if something goes wrong ? 94140 hello CALL write(1,0xb56246ae000,0x8) 94140 hello GIO fd 1 wrote 8 bytes "Hello pkgsrcCon ! " 94140 hello RET write 8 94140 hello CALL kbind(0x7f7ffffcbee8,24,0x73b422cd44dee9e4) 94140 hello RET kbind 0 94140 hello CALL open(0xb53f8a00b20,0<O_RDONLY>) 94140 hello NAMI "/etc/passwd" 94140 hello PLDG open, "rpath", errno 1 Operation not permitted 94140 hello PSIG SIGABRT SIG_DFL 94140 hello NAMI "hello.core"
what to do if something goes wrong ? $ gdb hello hello.core GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-unknown-openbsd6.1"... Core was generated by ‘hello’. Program terminated with signal 6, Aborted. Loaded symbols for /home/data/server/dati/Documenti/convegni/pkgsrcCon 2017/src/hello Reading symbols from /usr/lib/libc.so.89.5...done. Loaded symbols for /usr/lib/libc.so.89.5 Reading symbols from /usr/libexec/ld.so...done. Loaded symbols for /usr/libexec/ld.so #0 0x000009f584a507aa in _thread_sys_open () at {standard input}:5 5 {standard input}: No such file or directory. in {standard input} (gdb) bt #0 0x000009f584a507aa in _thread_sys_open () at {standard input}:5 #1 0x000009f584a3f559 in *_libc_open_cancel (path=Variable "path" is not available. ) at /usr/src/lib/libc/sys/w_open.c:36 #2 0x000009f584aaab82 in *_libc_fopen (file=0x9f2b8b00b20 "/etc/passwd", mode=Variable "mode" is not available. ) at /usr/src/lib/libc/stdio/fopen.c:54 #3 0x000009f2b8a005dc in main (argc=1, argv=0x7f7ffffc3c58) at hello.c:8 Current language: auto; currently asm (gdb)
The future ?

Recommended

Linux seccomp(2) vs OpenBSD pledge(2)
Linux seccomp(2) vs OpenBSD pledge(2)Linux seccomp(2) vs OpenBSD pledge(2)
Linux seccomp(2) vs OpenBSD pledge(2)Giovanni Bechis
 
Pf: the OpenBSD packet filter
Pf: the OpenBSD packet filterPf: the OpenBSD packet filter
Pf: the OpenBSD packet filterGiovanni Bechis
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20DefconRussia
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureCyber Security Alliance
 
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackSpecializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackKernel TLV
 
Preparation for mit ose lab4
Preparation for mit ose lab4Preparation for mit ose lab4
Preparation for mit ose lab4Benux Wei
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...Cyber Security Alliance
 
System Calls
System CallsSystem Calls
System CallsDavid Evans
 

Recommended

Linux seccomp(2) vs OpenBSD pledge(2)
Linux seccomp(2) vs OpenBSD pledge(2)Linux seccomp(2) vs OpenBSD pledge(2)
Linux seccomp(2) vs OpenBSD pledge(2)Giovanni Bechis
 
Pf: the OpenBSD packet filter
Pf: the OpenBSD packet filterPf: the OpenBSD packet filter
Pf: the OpenBSD packet filterGiovanni Bechis
 
Zn task - defcon russia 20
Zn task - defcon russia 20Zn task - defcon russia 20
Zn task - defcon russia 20DefconRussia
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureCyber Security Alliance
 
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackSpecializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackKernel TLV
 
Preparation for mit ose lab4
Preparation for mit ose lab4Preparation for mit ose lab4
Preparation for mit ose lab4Benux Wei
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...Cyber Security Alliance
 
System Calls
System CallsSystem Calls
System CallsDavid Evans
 
SSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingSSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingDavid Evans
 
ハイパフォーマンスブラウザネットワーキング2
ハイパフォーマンスブラウザネットワーキング2ハイパフォーマンスブラウザネットワーキング2
ハイパフォーマンスブラウザネットワーキング2Shuya Osaki
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneDefconRussia
 
nftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewallnftables - the evolution of Linux Firewall
nftables - the evolution of Linux FirewallMarian Marinov
 
How to make a large C++-code base manageable
How to make a large C++-code base manageableHow to make a large C++-code base manageable
How to make a large C++-code base manageablecorehard_by
 
Kernel crashdump
Kernel crashdumpKernel crashdump
Kernel crashdumpAdrien Mahieux
 
Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)
Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)
Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)Ontico
 
Plan 9カーネルにおけるTCP/IP実装(未完)
Plan 9カーネルにおけるTCP/IP実装(未完)Plan 9カーネルにおけるTCP/IP実装(未完)
Plan 9カーネルにおけるTCP/IP実装(未完)Ryousei Takano
 
What the &~#@&lt;!? (Pointers in Rust)
What the &~#@&lt;!? (Pointers in Rust)What the &~#@&lt;!? (Pointers in Rust)
What the &~#@&lt;!? (Pointers in Rust)David Evans
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychainAlexey Troshichev
 
The origin: Init (compact version)
The origin: Init (compact version)The origin: Init (compact version)
The origin: Init (compact version)Tzung-Bi Shih
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry managerToshiaki Baba
 
Ctf hello,world!
Ctf hello,world! Ctf hello,world!
Ctf hello,world! Hacks in Taiwan (HITCON)
 
Lecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationLecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationMohammed Farrag
 
IL: 失われたプロトコル
IL: 失われたプロトコルIL: 失われたプロトコル
IL: 失われたプロトコルRyousei Takano
 
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Gavin Guo
 
Kernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureKernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureAnne Nicolas
 
A little systemtap
A little systemtapA little systemtap
A little systemtapyang bingwu
 
Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)Ontico
 
agri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertoragri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertorToshiaki Baba
 
Oracle-GoldenGate-18c-Workshop-Lab-16.docx
Oracle-GoldenGate-18c-Workshop-Lab-16.docxOracle-GoldenGate-18c-Workshop-Lab-16.docx
Oracle-GoldenGate-18c-Workshop-Lab-16.docxtricantino1973
 
PyCon KR 2019 sprint - RustPython by example
PyCon KR 2019 sprint - RustPython by examplePyCon KR 2019 sprint - RustPython by example
PyCon KR 2019 sprint - RustPython by exampleYunWon Jeong
 

More Related Content

What's hot

SSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingSSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingDavid Evans
 
ハイパフォーマンスブラウザネットワーキング2
ハイパフォーマンスブラウザネットワーキング2ハイパフォーマンスブラウザネットワーキング2
ハイパフォーマンスブラウザネットワーキング2Shuya Osaki
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneDefconRussia
 
nftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewallnftables - the evolution of Linux Firewall
nftables - the evolution of Linux FirewallMarian Marinov
 
How to make a large C++-code base manageable
How to make a large C++-code base manageableHow to make a large C++-code base manageable
How to make a large C++-code base manageablecorehard_by
 
Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)
Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)
Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)Ontico
 
Plan 9カーネルにおけるTCP/IP実装(未完)
Plan 9カーネルにおけるTCP/IP実装(未完)Plan 9カーネルにおけるTCP/IP実装(未完)
Plan 9カーネルにおけるTCP/IP実装(未完)Ryousei Takano
 
What the &~#@&lt;!? (Pointers in Rust)
What the &~#@&lt;!? (Pointers in Rust)What the &~#@&lt;!? (Pointers in Rust)
What the &~#@&lt;!? (Pointers in Rust)David Evans
 
The origin: Init (compact version)
The origin: Init (compact version)The origin: Init (compact version)
The origin: Init (compact version)Tzung-Bi Shih
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry managerToshiaki Baba
 
Lecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationLecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationMohammed Farrag
 
IL: 失われたプロトコル
IL: 失われたプロトコルIL: 失われたプロトコル
IL: 失われたプロトコルRyousei Takano
 
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Gavin Guo
 
Kernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureKernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureAnne Nicolas
 
A little systemtap
A little systemtapA little systemtap
A little systemtapyang bingwu
 
Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)Ontico
 
agri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertoragri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertorToshiaki Baba
 

What's hot (20)

SSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and SchedulingSSL Failing, Sharing, and Scheduling
SSL Failing, Sharing, and Scheduling
 
ハイパフォーマンスブラウザネットワーキング2
ハイパフォーマンスブラウザネットワーキング2ハイパフォーマンスブラウザネットワーキング2
ハイパフォーマンスブラウザネットワーキング2
 
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-oneCisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
 
nftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewallnftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewall
 
How to make a large C++-code base manageable
How to make a large C++-code base manageableHow to make a large C++-code base manageable
How to make a large C++-code base manageable
 
Kernel crashdump
Kernel crashdumpKernel crashdump
Kernel crashdump
 
Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)
Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)
Масштабируемая конфигурация Nginx, Игорь Сысоев (Nginx)
 
Plan 9カーネルにおけるTCP/IP実装(未完)
Plan 9カーネルにおけるTCP/IP実装(未完)Plan 9カーネルにおけるTCP/IP実装(未完)
Plan 9カーネルにおけるTCP/IP実装(未完)
 
What the &~#@&lt;!? (Pointers in Rust)
What the &~#@&lt;!? (Pointers in Rust)What the &~#@&lt;!? (Pointers in Rust)
What the &~#@&lt;!? (Pointers in Rust)
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychain
 
The origin: Init (compact version)
The origin: Init (compact version)The origin: Init (compact version)
The origin: Init (compact version)
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry manager
 
Ctf hello,world!
Ctf hello,world! Ctf hello,world!
Ctf hello,world!
 
Lecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationLecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administration
 
IL: 失われたプロトコル
IL: 失われたプロトコルIL: 失われたプロトコル
IL: 失われたプロトコル
 
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
 
Kernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureKernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architecture
 
A little systemtap
A little systemtapA little systemtap
A little systemtap
 
Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)
 
agri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertoragri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertor
 

Similar to Pledge in OpenBSD

Oracle-GoldenGate-18c-Workshop-Lab-16.docx
Oracle-GoldenGate-18c-Workshop-Lab-16.docxOracle-GoldenGate-18c-Workshop-Lab-16.docx
Oracle-GoldenGate-18c-Workshop-Lab-16.docxtricantino1973
 
PyCon KR 2019 sprint - RustPython by example
PyCon KR 2019 sprint - RustPython by examplePyCon KR 2019 sprint - RustPython by example
PyCon KR 2019 sprint - RustPython by exampleYunWon Jeong
 
Biicode OpenExpoDay
Biicode OpenExpoDayBiicode OpenExpoDay
Biicode OpenExpoDayfcofdezc
 
ELC-E Linux Awareness
ELC-E Linux AwarenessELC-E Linux Awareness
ELC-E Linux AwarenessPeter Griffin
 
PythonBrasil[8] - CPython for dummies
PythonBrasil[8] - CPython for dummiesPythonBrasil[8] - CPython for dummies
PythonBrasil[8] - CPython for dummiesTatiana Al-Chueyr
 
Multiplatform JIT Code Generator for NetBSD by Alexander Nasonov
Multiplatform JIT Code Generator for NetBSD by Alexander NasonovMultiplatform JIT Code Generator for NetBSD by Alexander Nasonov
Multiplatform JIT Code Generator for NetBSD by Alexander Nasonoveurobsdcon
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxPatricia Aas
 
Building a DSL with GraalVM (VoxxedDays Luxembourg)
Building a DSL with GraalVM (VoxxedDays Luxembourg)Building a DSL with GraalVM (VoxxedDays Luxembourg)
Building a DSL with GraalVM (VoxxedDays Luxembourg)Maarten Mulders
 
44 con slides
44 con slides44 con slides
44 con slidesgeeksec80
 
44 con slides (1)
44 con slides (1)44 con slides (1)
44 con slides (1)geeksec80
 
Velocity 2012 - Learning WebOps the Hard Way
Velocity 2012 - Learning WebOps the Hard WayVelocity 2012 - Learning WebOps the Hard Way
Velocity 2012 - Learning WebOps the Hard WayCosimo Streppone
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
 
Gpu workshop cluster universe: scripting cuda
Gpu workshop cluster universe: scripting cudaGpu workshop cluster universe: scripting cuda
Gpu workshop cluster universe: scripting cudaFerdinand Jamitzky
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNoSuchCon
 
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...DevSecCon
 
IoT with openHAB on pcDuino3B
IoT with openHAB on pcDuino3BIoT with openHAB on pcDuino3B
IoT with openHAB on pcDuino3BJingfeng Liu
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyRay Song
 
Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)Maarten Mulders
 
Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Patricia Aas
 

Similar to Pledge in OpenBSD (20)

Oracle-GoldenGate-18c-Workshop-Lab-16.docx
Oracle-GoldenGate-18c-Workshop-Lab-16.docxOracle-GoldenGate-18c-Workshop-Lab-16.docx
Oracle-GoldenGate-18c-Workshop-Lab-16.docx
 
PyCon KR 2019 sprint - RustPython by example
PyCon KR 2019 sprint - RustPython by examplePyCon KR 2019 sprint - RustPython by example
PyCon KR 2019 sprint - RustPython by example
 
Biicode OpenExpoDay
Biicode OpenExpoDayBiicode OpenExpoDay
Biicode OpenExpoDay
 
ELC-E Linux Awareness
ELC-E Linux AwarenessELC-E Linux Awareness
ELC-E Linux Awareness
 
PythonBrasil[8] - CPython for dummies
PythonBrasil[8] - CPython for dummiesPythonBrasil[8] - CPython for dummies
PythonBrasil[8] - CPython for dummies
 
Multiplatform JIT Code Generator for NetBSD by Alexander Nasonov
Multiplatform JIT Code Generator for NetBSD by Alexander NasonovMultiplatform JIT Code Generator for NetBSD by Alexander Nasonov
Multiplatform JIT Code Generator for NetBSD by Alexander Nasonov
 
Linux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium SandboxLinux Security APIs and the Chromium Sandbox
Linux Security APIs and the Chromium Sandbox
 
Building a DSL with GraalVM (VoxxedDays Luxembourg)
Building a DSL with GraalVM (VoxxedDays Luxembourg)Building a DSL with GraalVM (VoxxedDays Luxembourg)
Building a DSL with GraalVM (VoxxedDays Luxembourg)
 
44 con slides
44 con slides44 con slides
44 con slides
 
44 con slides (1)
44 con slides (1)44 con slides (1)
44 con slides (1)
 
Velocity 2012 - Learning WebOps the Hard Way
Velocity 2012 - Learning WebOps the Hard WayVelocity 2012 - Learning WebOps the Hard Way
Velocity 2012 - Learning WebOps the Hard Way
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021
 
Gpu workshop cluster universe: scripting cuda
Gpu workshop cluster universe: scripting cudaGpu workshop cluster universe: scripting cuda
Gpu workshop cluster universe: scripting cuda
 
NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge Solution
 
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...
DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...
 
IoT with openHAB on pcDuino3B
IoT with openHAB on pcDuino3BIoT with openHAB on pcDuino3B
IoT with openHAB on pcDuino3B
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCy
 
Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)
 
Metasploitable
MetasploitableMetasploitable
Metasploitable
 
Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)
 

More from Giovanni Bechis

SpamAssassin 4.0 new features
SpamAssassin 4.0 new featuresSpamAssassin 4.0 new features
SpamAssassin 4.0 new featuresGiovanni Bechis
 
ACME and mod_md: tls certificates made easy
ACME and mod_md: tls certificates made easyACME and mod_md: tls certificates made easy
ACME and mod_md: tls certificates made easyGiovanni Bechis
 
Scaling antispam solutions with Puppet
Scaling antispam solutions with PuppetScaling antispam solutions with Puppet
Scaling antispam solutions with PuppetGiovanni Bechis
 
What's new in SpamAssassin 3.4.3
What's new in SpamAssassin 3.4.3What's new in SpamAssassin 3.4.3
What's new in SpamAssassin 3.4.3Giovanni Bechis
 
Fighting Spam for fun and profit
Fighting Spam for fun and profitFighting Spam for fun and profit
Fighting Spam for fun and profitGiovanni Bechis
 
ELK: a log management framework
ELK: a log management frameworkELK: a log management framework
ELK: a log management frameworkGiovanni Bechis
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!Giovanni Bechis
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis
 
SOGo: sostituire Microsoft Exchange con software Open Source
SOGo: sostituire Microsoft Exchange con software Open SourceSOGo: sostituire Microsoft Exchange con software Open Source
SOGo: sostituire Microsoft Exchange con software Open SourceGiovanni Bechis
 
Cloud storage, i tuoi files, ovunque con te
Cloud storage, i tuoi files, ovunque con teCloud storage, i tuoi files, ovunque con te
Cloud storage, i tuoi files, ovunque con teGiovanni Bechis
 
Npppd: easy vpn with OpenBSD
Npppd: easy vpn with OpenBSDNpppd: easy vpn with OpenBSD
Npppd: easy vpn with OpenBSDGiovanni Bechis
 
Openssh: comunicare in sicurezza
Openssh: comunicare in sicurezzaOpenssh: comunicare in sicurezza
Openssh: comunicare in sicurezzaGiovanni Bechis
 
Ipv6: il futuro di internet
Ipv6: il futuro di internetIpv6: il futuro di internet
Ipv6: il futuro di internetGiovanni Bechis
 
L'ABC della crittografia
L'ABC della crittografiaL'ABC della crittografia
L'ABC della crittografiaGiovanni Bechis
 
Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Giovanni Bechis
 
Pf e netfilter, analisi dei firewall open source
Pf e netfilter, analisi dei firewall open sourcePf e netfilter, analisi dei firewall open source
Pf e netfilter, analisi dei firewall open sourceGiovanni Bechis
 

More from Giovanni Bechis (20)

the Apache way
the Apache waythe Apache way
the Apache way
 
SpamAssassin 4.0 new features
SpamAssassin 4.0 new featuresSpamAssassin 4.0 new features
SpamAssassin 4.0 new features
 
ACME and mod_md: tls certificates made easy
ACME and mod_md: tls certificates made easyACME and mod_md: tls certificates made easy
ACME and mod_md: tls certificates made easy
 
Scaling antispam solutions with Puppet
Scaling antispam solutions with PuppetScaling antispam solutions with Puppet
Scaling antispam solutions with Puppet
 
What's new in SpamAssassin 3.4.3
What's new in SpamAssassin 3.4.3What's new in SpamAssassin 3.4.3
What's new in SpamAssassin 3.4.3
 
Fighting Spam for fun and profit
Fighting Spam for fun and profitFighting Spam for fun and profit
Fighting Spam for fun and profit
 
ELK: a log management framework
ELK: a log management frameworkELK: a log management framework
ELK: a log management framework
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year later
 
LibreSSL
LibreSSLLibreSSL
LibreSSL
 
SOGo: sostituire Microsoft Exchange con software Open Source
SOGo: sostituire Microsoft Exchange con software Open SourceSOGo: sostituire Microsoft Exchange con software Open Source
SOGo: sostituire Microsoft Exchange con software Open Source
 
Cloud storage, i tuoi files, ovunque con te
Cloud storage, i tuoi files, ovunque con teCloud storage, i tuoi files, ovunque con te
Cloud storage, i tuoi files, ovunque con te
 
Npppd: easy vpn with OpenBSD
Npppd: easy vpn with OpenBSDNpppd: easy vpn with OpenBSD
Npppd: easy vpn with OpenBSD
 
Openssh: comunicare in sicurezza
Openssh: comunicare in sicurezzaOpenssh: comunicare in sicurezza
Openssh: comunicare in sicurezza
 
Ipv6: il futuro di internet
Ipv6: il futuro di internetIpv6: il futuro di internet
Ipv6: il futuro di internet
 
L'ABC della crittografia
L'ABC della crittografiaL'ABC della crittografia
L'ABC della crittografia
 
Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD
 
Pf e netfilter, analisi dei firewall open source
Pf e netfilter, analisi dei firewall open sourcePf e netfilter, analisi dei firewall open source
Pf e netfilter, analisi dei firewall open source
 
Mysql diventa grande
Mysql diventa grandeMysql diventa grande
Mysql diventa grande
 

Recently uploaded

Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Intelisync
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 

Recently uploaded (20)

Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 

Pledge in OpenBSD

  • 1. pledge(2): mitigating security bugs Giovanni Bechis <giovanni@openbsd.org> pkgsrcCon 2017, London
  • 2. About Me sys admin and developer @SNB OpenBSD developer Open Source developer in several other projects
  • 4. dangerous system calls Disable system calls a process should not call SE Linux seccomp Capsicum systrace pledge(2)
  • 5. pledge(2) introduced in OpenBSD 5.8 as tame(2), than renamed to pledge(2) around 500 programs with pledge(2) support in base around 50 ports patched to have pledge(2) support (unzip, mutt, memcached, chromium, ...)
  • 6. pledge(2) A new way of approaching the problem study the program figure out all syscalls the program needs promise only the operations that are really needed ktrace(1) and gdb(1) if something goes wrong
  • 7. pledge(2) program is annotated with pledge(2) calls/promises kernel enforces annotations and kills the program that does not respect promises
  • 8. pledge(2) promises #include <unistd.h> int pledge(const char *promises, const char *paths[]); ””: exit(2) stdio: malloc + rw stdio rpath, wpath, cpath, tmppath: open files fattr: explicit changes to ”fd” (chmod & friends) unix, inet: open sockets dns: dns requests route: routing operations sendfd: sends file descriptors via sendmsg(2) recvfd: receive file descriptors via recvmsg(2) getpw: passwd/group file access ioctl: small subset of ioctls is permitted tty: subset of ioctl for tty operations proc: fork(2), vfork(2), kill(2) and other processes related operations exec: execve(2) is allowed to create another process which will be unpledged settime: allows to set the system time pf: allows a subset of ioctl(2) operations on pf(4) device
  • 9. pledge(2) logging dmesg(8) on OpenBSD ≤ 6.1 lastcomm(1) and daily(8) on OpenBSD ≥ 6.2 (with accounting enabled)
  • 10. pledge(2) logging rm - giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.00) ls - giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.00) rm - giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.00) hello -DXP giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.16) cc - giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.64)
  • 11. pledge(2) logging From root@bigio.paclan.it Sat Jun 17 16:08:46 2017 Delivered-To: root@bigio.paclan.it From: Charlie Root <root@bigio.paclan.it> To: root@bigio.paclan.it Subject: bigio.paclan.it daily output OpenBSD 6.1-current (GENERIC) #1: Fri Jun 16 22:37:23 CEST 2017 giovanni@bigio.paclan.it:/usr/src/sys/arch/amd64/compile/GENERIC 4:08PM up 35 mins, 3 users, load averages: 0.26, 0.13, 0.10 Purging accounting records: hello -DXP giovanni ttyp1 0.00 secs Sat Jun 17 15:56 (0:00:00.16)
  • 12. let’s hack #include <stdio.h> #include <unistd.h> int main(int argc, char **argv) { FILE *fd; if(pledge("stdio", NULL) != -1) { printf("Hello pkgsrcCon !n"); if((fd = fopen("/etc/passwd", "r"))) { printf("Passwd file openedn"); fclose(fd); } return 1; } else { return 0; } }
  • 13. let’s hack use OpenBSD::Pledge; my $file = "/usr/share/dict/words"; pledge(qw( rpath )) || die "Unable to pledge: $!"; open my $fh, ’<’, $file or die "Unable to open $file: $!n"; while ( readline($fh) ) { print if /pledge/i; } close $fh; system("ls");
  • 14. let’s hack Index: worms.c =================================================================== RCS file: /var/cvs/src/games/worms/worms.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -p -r1.22 -r1.23 --- worms.c 18 Feb 2015 23:16:08 -0000 1.22 +++ worms.c 21 Nov 2015 05:29:42 -0000 1.23 @@ -1,4 +1,4 @@ -/* $OpenBSD: worms.c,v 1.22 2015/02/18 23:16:08 tedu Exp $ */ +/* $OpenBSD: worms.c,v 1.23 2015/11/21 05:29:42 deraadt Exp $ */ /* * Copyright (c) 1980, 1993 @@ -182,6 +182,9 @@ main(int argc, char *argv[]) struct termios term; speed_t speed; time_t delay = 0; + + if (pledge("stdio rpath tty", NULL) == -1) + err(1, "pledge"); /* set default delay based on terminal baud rate */ if (tcgetattr(STDOUT_FILENO, &term) == 0 &&
  • 15. let’s hack, ports(7) $OpenBSD: patch-memcached_c,v 1.11 2016/09/02 14:20:31 giovanni Exp $ --- memcached.c.orig Fri Jun 24 19:41:24 2016 +++ memcached.c Thu Jun 30 00:02:09 2016 @@ -23,6 +23,7 @@ #include <sys/uio.h> #include <ctype.h> #include <stdarg.h> +#include <unistd.h> /* some POSIX systems need the following definition * to get mlockall flags out of sys/mman.h. */ @@ -6100,6 +6101,32 @@ int main (int argc, char **argv) { if (pid_file != NULL) { save_pid(pid_file); + } + + if (settings.socketpath != NULL) { + if (pid_file != NULL) { + if (pledge("stdio cpath unix", NULL) == -1) { + fprintf(stderr, "%s: pledge: %sn", argv[0], strerror(errno)); + exit(1); + } + } else { + if (pledge("stdio unix", NULL) == -1) { + fprintf(stderr, "%s: pledge: %sn", argv[0], strerror(errno)); + exit(1); + } + } + } else { + if (pid_file != NULL) { + if (pledge("stdio cpath inet", NULL) == -1) { + fprintf(stderr, "%s: pledge: %sn", argv[0], strerror(errno)); + exit(1); + } + } else { + if (pledge("stdio inet", NULL) == -1) { + fprintf(stderr, "%s: pledge: %sn", argv[0], strerror(errno)); + exit(1); + } + } } /* Drop privileges no longer needed */
  • 16. what to do if something goes wrong ? 94140 hello CALL write(1,0xb56246ae000,0x8) 94140 hello GIO fd 1 wrote 8 bytes "Hello pkgsrcCon ! " 94140 hello RET write 8 94140 hello CALL kbind(0x7f7ffffcbee8,24,0x73b422cd44dee9e4) 94140 hello RET kbind 0 94140 hello CALL open(0xb53f8a00b20,0<O_RDONLY>) 94140 hello NAMI "/etc/passwd" 94140 hello PLDG open, "rpath", errno 1 Operation not permitted 94140 hello PSIG SIGABRT SIG_DFL 94140 hello NAMI "hello.core"
  • 17. what to do if something goes wrong ? $ gdb hello hello.core GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-unknown-openbsd6.1"... Core was generated by ‘hello’. Program terminated with signal 6, Aborted. Loaded symbols for /home/data/server/dati/Documenti/convegni/pkgsrcCon 2017/src/hello Reading symbols from /usr/lib/libc.so.89.5...done. Loaded symbols for /usr/lib/libc.so.89.5 Reading symbols from /usr/libexec/ld.so...done. Loaded symbols for /usr/libexec/ld.so #0 0x000009f584a507aa in _thread_sys_open () at {standard input}:5 5 {standard input}: No such file or directory. in {standard input} (gdb) bt #0 0x000009f584a507aa in _thread_sys_open () at {standard input}:5 #1 0x000009f584a3f559 in *_libc_open_cancel (path=Variable "path" is not available. ) at /usr/src/lib/libc/sys/w_open.c:36 #2 0x000009f584aaab82 in *_libc_fopen (file=0x9f2b8b00b20 "/etc/passwd", mode=Variable "mode" is not available. ) at /usr/src/lib/libc/stdio/fopen.c:54 #3 0x000009f2b8a005dc in main (argc=1, argv=0x7f7ffffc3c58) at hello.c:8 Current language: auto; currently asm (gdb)