
Create a simple tool for policies definitions

Open avilum opened this issue 7 years ago • 3 comments

I couldn't find a simple tool that defines the syscalls, permissions of a program, etc. I created this simple script, based on strace and grep, that gets a list of all the unique syscalls of a binary, on the run. This way, one can whitelist some flows of a program easily, without disassembling. I'd be happy to create something bigger than that, a solution for nsjail+firejail policy definitions.

https://github.com/avilum/syscalls

avilum • Aug 24 '18 10:08

That's a great idea. It would be nice if we had an option to display them in nsjail.

PS: I think you forgot to push your tool sources to your repo :P.

disconnect3d • Aug 24 '18 12:08

@happyCoder92 wdyt?

robertswiecki • Sep 05 '18 07:09

It's a neat idea. Just getting all the used syscalls is a good starting point, but may lead to lax policies. As an improvement we could have a list of commonly used syscalls+args combinations, which are fairly safe, and match against this list. The tool should then also output syscalls that do not match any predefined pattern, but with a notice that proper verification and argument filtering should be done by the user.

happyCoder92 • Sep 07 '18 13:09
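
The workflow discussed in this thread (collect syscalls from strace output, match them against a list of fairly safe syscall+args patterns, flag the rest for manual review), as an added example that is not code from the thread, the linked repository or nsjail. The trace, the pattern list and all function names are constructed for illustration, and the output uses the kafel policy syntax that nsjail accepts.

```python
import re

# Constructed strace-style output for illustration; not captured from a real run.
SAMPLE_TRACE = """
execve("./prog", ["./prog"], 0x7ffd0 /* 20 vars */) = 0
brk(NULL) = 0x55d0c000
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1000
mmap(NULL, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3000
[pid 412] read(3, "data"..., 832) = 832
openat(AT_FDCWD, "/tmp/out", O_WRONLY|O_CREAT, 0644) = 4
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
write(4, "hi", 2) = 2
+++ exited with 0 +++
"""

# Hypothetical "fairly safe" patterns (an assumption, not a vetted list).
# None accepts any arguments; a callable inspects the argument text.
SAFE_PATTERNS = {
    "read": None, "write": None, "close": None, "brk": None,
    "mmap": lambda args: "PROT_EXEC" not in args,
    "openat": lambda args: "O_RDONLY" in args and "O_CREAT" not in args,
}
CALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?(\w+)\((.*)\)\s+=\s")

def classify(trace):
    """Split observed calls into pattern-matched names and calls needing review."""
    matched, review = set(), {}
    for line in trace.splitlines():
        m = CALL_RE.match(line)
        if not m:  # exit/signal markers, unfinished calls, blank lines
            continue
        name, args = m.groups()
        rule = SAFE_PATTERNS.get(name, False)  # False: syscall has no pattern
        if rule is None or (rule and rule(args)):
            matched.add(name)
        else:
            review.setdefault(name, []).append(args)
    return matched, review

def build_policy(trace, policy_name="traced"):
    """Return (kafel-style policy text, calls the user must verify by hand)."""
    matched, review = classify(trace)
    # A syscall seen even once with unmatched arguments is not allowed by name.
    allow = sorted(matched - set(review))
    text = "POLICY %s {\n  ALLOW { %s }\n}\nUSE %s DEFAULT KILL" % (
        policy_name, ", ".join(allow), policy_name)
    return text, review

if __name__ == "__main__":
    print(*build_policy(SAMPLE_TRACE), sep="\nREVIEW: ")
```

Syscalls left in the review set (here `execve`, `socket`, and the `mmap`/`openat` calls with unmatched arguments) are the ones that need argument filters written by hand before the policy is usable.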