Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
dropper.c
Go to the documentation of this file.
1 /*
2  * Naive system call dropper built on seccomp_filter.
3  *
4  * Copyright (c) 2012 The Chromium OS Authors <[email protected]>
5  * Author: Will Drewry <[email protected]>
6  *
7  * The code may be used by anyone for any purpose,
8  * and can serve as a starting point for developing
9  * applications using prctl(PR_SET_SECCOMP, 2, ...).
10  *
11  * When run, returns the specified errno for the specified
12  * system call number against the given architecture.
13  *
14  * Run this one as root as PR_SET_NO_NEW_PRIVS is not called.
15  */
16 
17 #include <errno.h>
18 #include <linux/audit.h>
19 #include <linux/filter.h>
20 #include <linux/seccomp.h>
21 #include <linux/unistd.h>
22 #include <stdio.h>
23 #include <stddef.h>
24 #include <stdlib.h>
25 #include <sys/prctl.h>
26 #include <unistd.h>
27 
28 static int install_filter(int nr, int arch, int error)
29 {
30  struct sock_filter filter[] = {
31  BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
32  (offsetof(struct seccomp_data, arch))),
33  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, arch, 0, 3),
34  BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
35  (offsetof(struct seccomp_data, nr))),
36  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, nr, 0, 1),
37  BPF_STMT(BPF_RET+BPF_K,
38  SECCOMP_RET_ERRNO|(error & SECCOMP_RET_DATA)),
39  BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
40  };
41  struct sock_fprog prog = {
42  .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
43  .filter = filter,
44  };
45  if (prctl(PR_SET_SECCOMP, 2, &prog)) {
46  perror("prctl");
47  return 1;
48  }
49  return 0;
50 }
51 
52 int main(int argc, char **argv)
53 {
54  if (argc < 5) {
55  fprintf(stderr, "Usage:\n"
56  "dropper <syscall_nr> <arch> <errno> <prog> [<args>]\n"
57  "Hint: AUDIT_ARCH_I386: 0x%X\n"
58  " AUDIT_ARCH_X86_64: 0x%X\n"
59  "\n", AUDIT_ARCH_I386, AUDIT_ARCH_X86_64);
60  return 1;
61  }
62  if (install_filter(strtol(argv[1], NULL, 0), strtol(argv[2], NULL, 0),
63  strtol(argv[3], NULL, 0)))
64  return 1;
65  execv(argv[4], &argv[4]);
66  printf("Failed to execv\n");
67  return 255;
68 }
Generated on Thu Jan 10 2013 15:02:49 for Linux Kernel by   doxygen 1.8.2