From b14628560a972d9f1709a249207b6595ffe7ed09 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 2 Jul 2016 14:10:07 -0400
Subject: audit: seccomp
---
 src/faudit/syscall.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 src/faudit/syscall.c
(limited to 'src/faudit/syscall.c')
diff --git a/src/faudit/syscall.c b/src/faudit/syscall.c
new file mode 100644
index 000000000..11fb3730b
--- /dev/null
+++ b/src/faudit/syscall.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "faudit.h"
+
+void syscall_helper(int argc, char **argv) {
+ if (strcmp(argv[2], "mount") == 0) {
+ mount(NULL, NULL, NULL, 0, NULL);
+ printf("\nUGLY: mount syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "umount2") == 0) {
+ umount2(NULL, 0);
+ printf("\nUGLY: umount2 syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "ptrace") == 0) {
+ ptrace(0, 0, NULL, NULL);
+ printf("\nUGLY: ptrace syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "swapon") == 0) {
+ swapon(NULL, 0);
+ printf("\nUGLY: swapon syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "swapoff") == 0) {
+ swapoff(NULL);
+ printf("\nUGLY: swapoff syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "init_module") == 0) {
+ init_module(NULL, 0, NULL);
+ printf("\nUGLY: init_moule syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "finit_module") == 0) {
+ swapoff(0, NULL, 0);
+ printf("\nUGLY: finit_moule syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "delete_module") == 0) {
+ delete_module(NULL, 0);
+ printf("\nUGLY: delete_moule syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "chroot") == 0) {
+ int rv = chroot(NULL);
+ (void) rv;
+ printf("\nUGLY: chroot syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "pivot_root") == 0) {
+ pivot_root(NULL, NULL);
+ printf("\nUGLY: pivot_root syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "iopl") == 0) {
+ iopl(0L);
+ printf("\nUGLY: iopl syscall permitted\n");
+ }
+ else if (strcmp(argv[2], "ioperm") == 0) {
+ ioperm(0, 0, 0);
+ printf("\nUGLY: ioperm syscall permitted\n");
+ }
+ exit(0);
+}
+
+void syscall_run(const char *name) {
+ assert(prog);
+
+ pid_t child = fork();
+ if (child < 0)
+ errExit("fork");
+ if (child == 0) {
+ char *cmd;
+ if (asprintf(&cmd, "%s syscall %s", prog, name) == -1)
+ errExit("asprintf");
+ execl(prog, prog, "syscall", name, NULL);
+ exit(0);
+ }
+
+ // wait for the child to finish
+ waitpid(child, NULL, 0);
+}
\ No newline at end of file
-- 
cgit v1.2.3-70-g09d2
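Review bot: The `finit_module` branch of `syscall_helper` calls `swapoff(0, NULL, 0)` instead of `finit_module(0, NULL, 0)`, so that probe exercises the wrong syscall and its "finit_moule syscall permitted" verdict says nothing about finit_module (the three "_moule" messages are also misspelled, and a three-argument swapoff presumably only compiles because of how faudit.h declares it); change the two lines to `finit_module(0, NULL, 0);` and `printf("\nUGLY: finit_module syscall permitted\n");`. In `syscall_run` the child falls through to `exit(0)` when `execl` fails and the parent discards the `waitpid` status, so an exec failure is reported exactly like a clean run with nothing permitted, a silent false negative for an audit tool; ending the child with `errExit("execl")` and inspecting the wait status makes an exec failure or a signal-killed child visible, as in the excerpt below. The `cmd` string built by `asprintf` there is never used and is leaked. `syscall_helper` also indexes `argv[2]` without checking `argc`, and none of the probes look at the syscall's return value, so a seccomp filter that returns an errno rather than killing the child still prints "permitted"; if kill-style filters are the intended scope, a comment above the function saying so would save the next reader that analysis.
```c
void syscall_run(const char *name) {
	// … unchanged: assert(prog) and fork …
	if (child == 0) {
		execl(prog, prog, "syscall", name, NULL);
		errExit("execl");	// only reached when the exec itself failed
	}

	// wait for the child; a seccomp kill shows up here as a signal
	int status = 0;
	if (waitpid(child, &status, 0) == -1)
		errExit("waitpid");
	if (WIFSIGNALED(status))
		printf("\tsyscall %s: child terminated by signal %d\n", name, WTERMSIG(status));
}
```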