Jayakrishna Menon
Reputation: 159
Find syscalls whitelisted by seccomp
So I stumbled across a program in C that uses seccomp to filter out a few syscalls. Is there anyway, other than bruteforcing, to find out the syscalls that are actually allowed.
Thanks in advance
Upvotes: 3
Views: 219
Answers (2)
tinytaro
Reputation: 390
You can refer to Kafel, write a policy and disassemble the generated eBPF code with its dump_policy_bpf tool.
Upvotes: 0
Mathieu
Reputation: 9659
If you can compile the C program, you can call seccomp_export_pfc function.
Upvotes: 1
Related Questions
- Improve INSERT-per-second performance of SQLite
- What REALLY happens when you don't free after malloc before program termination?
- Oreo: how to find all restricted syscalls at source code?
- How do I detect unsigned integer overflow?
- Speed comparison with Project Euler: C vs Python vs Erlang vs Haskell
- Why do all the C files written by my lecturer start with a single # on the first line?
- How can I find all syscalls that have to be whitelisted for seccomp?