
lsm_bpf_check_argc0's Introduction


Check ARGC0 LSM BPF

Simple LSM BPF program to prevent program executions with argc == 0, e.g. pwnkit (CVE-2021-4034). It does nothing more than a simple check that all exec*() system calls are called with argc >= 1. The check is based on Ariadne Conill's patch.

LSM BPF demonstration

How to build

# On Ubuntu
$ sudo apt-get install libc6-dev-i386 libbpf0 libbpf-dev

# On Fedora 35
$ sudo dnf install clang bpftool libbpf-devel glibc-devel.i686 glibc-devel.x86_64

$ make

How to install

Run:

$ sudo make DESTDIR=/usr install
# this executes the following commands:
# sudo cp src/load_check_argc0_lsm /usr/sbin
# sudo cp share/check_argc0_lsm.service /etc/systemd/system/

# After that you can enable the service with
$ sudo systemctl daemon-reload
$ sudo systemctl enable check_argc0_lsm.service
$ sudo systemctl start check_argc0_lsm.service

Test:

$ strace ./test/trigger
...
execve("/usr/bin/pkexec", NULL, NULL)   = -1 EINVAL (Invalid argument)

$ sudo journalctl -u check_argc0_lsm.service
Feb 10 13:27:08 purple systemd[1]: Started LSM BPF protection for argc == 0 execs.
Feb 10 13:27:13 purple load_check_argc0_lsm[89177]: TIME     PID     PROCESS          CALLING
Feb 10 13:27:13 purple load_check_argc0_lsm[89177]: 13:27:13 89194   trigger          /usr/bin/pkexec
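
To feed these journal lines into alerting, the following added example (not part of the project) parses the loader's table by the column positions of its header row, so a process name that contains spaces stays in one field. The fixed-width layout is an assumption inferred from the sample output above, and the sample rows, including the `Web Content` one, are constructed.

```shell
#!/bin/sh
# Added example: parse load_check_argc0_lsm journal output into TSV events.
# Assumption: rows use the fixed-width layout of the header shown on this page.

# Constructed sample; printf reproduces the "%-8s %-7s %-16s %s" layout (assumed).
row() { printf 'Feb 10 13:27:13 purple load_check_argc0_lsm[89177]: %-8s %-7s %-16s %s\n' "$@"; }
sample_journal() {
  echo 'Feb 10 13:27:08 purple systemd[1]: Started LSM BPF protection for argc == 0 execs.'
  row TIME PID PROCESS CALLING
  row 13:27:13 89194 trigger /usr/bin/pkexec
  row 13:27:15 89201 'Web Content' /usr/bin/pkexec   # constructed: comm with a space
}

# Reads journal lines on stdin, prints "time<TAB>pid<TAB>process<TAB>target".
parse_argc0_events() {
  awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    {
      # Keep only loader lines and drop the syslog prefix up to "]: ".
      p = index($0, "load_check_argc0_lsm[")
      if (p == 0) next
      rest = substr($0, p)
      q = index(rest, "]: ")
      if (q == 0) next
      msg = substr(rest, q + 3)

      # The header row gives the column offsets; it reappears when the loader restarts.
      if (msg ~ /^TIME +PID +PROCESS +CALLING/) {
        c_pid = index(msg, "PID"); c_comm = index(msg, "PROCESS"); c_path = index(msg, "CALLING")
        next
      }
      if (!c_path || length(msg) < c_path) next   # no header yet, or truncated row

      t    = trim(substr(msg, 1, c_pid - 1))
      pid  = trim(substr(msg, c_pid, c_comm - c_pid))
      comm = trim(substr(msg, c_comm, c_path - c_comm))
      path = substr(msg, c_path)
      if (pid !~ /^[0-9]+$/) next                  # reject rows that do not line up

      # comm and path are controlled by the calling process: keep them as data only.
      gsub(/\t/, " ", comm); gsub(/\t/, " ", path)
      printf "%s\t%s\t%s\t%s\n", t, pid, comm, path
    }'
}
```

After sourcing the file, live data can be piped in with `sudo journalctl -u check_argc0_lsm.service | parse_argc0_events`.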

How to test

Linux kernel >= 5.8 is required: BPF LSM was added in 5.7 and BPF ringbuf in 5.8.

# The program will start, attach an LSM BPF, and monitor the log
$ sudo ./src/load_check_argc0_lsm
TIME     PID     PROCESS          CALLING
12:59:21 85689   trigger          /usr/bin/pkexec

One can use the trigger program to test that everything works:

$ strace ./test/trigger
...
execve("/usr/bin/pkexec", NULL, NULL)   = -1 EINVAL (Invalid argument)

lsm_bpf_check_argc0's People

Contributors

evdenis
