Port of the pledge isolation mechanism to Linux

The author of the Cosmopolitan C standard library and the Redbean platform has announced an implementation of the pledge() isolation mechanism for Linux. pledge was originally developed by the OpenBSD project and lets an application selectively give up the system calls it does not use (the application is effectively given an allowlist of system calls, and every other call is prohibited). Unlike the system-call restriction mechanisms already available in Linux, such as seccomp, pledge was designed from the outset with maximum ease of use in mind.

The earlier initiative to isolate the OpenBSD base system with the Systrace mechanism, which was eventually wound down, showed that isolation at the level of individual system calls is too complicated and labour-intensive. pledge was proposed as an alternative: it lets isolation rules be written without delving into the details, by combining ready-made access classes. For example, the classes offered include stdio (input/output), rpath (reading files only), wpath (writing files), cpath (creating files), tmppath (working with temporary files), inet (network sockets), unix (Unix sockets), dns (DNS resolution), getpw (reading the user database), ioctl (the ioctl call), proc (process management), exec (launching processes) and id (access control).

The rules for working with system calls are specified in the form of annotations that include the list of permitted call classes and an array of file paths to which access is allowed. Once the modified application is built and launched, the kernel takes over enforcing compliance with the specified rules.

A separate pledge implementation is being developed for FreeBSD; it differs in being able to isolate applications without making changes to their code, whereas OpenBSD's pledge() call is aimed at tight integration with the base system and at adding annotations to the code of each application.

The developers of the pledge port for Linux followed FreeBSD's example and, instead of modifying application code, prepared the wrapper utility pledge.com, which lets restrictions be applied without changing the application. For example, to launch the curl utility with access to the stdio, rpath, inet and thread classes of system calls, it is enough to run "./pledge.com -p 'stdio rpath inet thread' curl https://example.com".

The pledge utility works on all Linux distributions starting from RHEL 6 and does not require root. Additionally, the Cosmopolitan library provides a pledge() function, so the same restrictions can also be applied from an application's own code.
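To make concrete what a promise class such as "stdio" or "unix" turns into on Linux, here is an added example (written for this page, not code from pledge.com or Cosmopolitan) that builds a seccomp BPF allowlist from a small syscall table, installs it in a forked child, and then checks that write() still works while socket() is refused unless the "unix" class is included. The Linux port of pledge is itself built on seccomp BPF, but the promise tables below (promise_stdio, promise_stdio_unix) are deliberately tiny assumptions for illustration; the real lists are far longer because libc needs many more calls in practice. The filter returns EPERM for disallowed calls instead of killing the process so the outcome can be observed; a kill-on-violation policy is a one-line change in install_promise_filter().

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define EXAMPLE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define EXAMPLE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "this example covers x86_64 and aarch64 only"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#define N_ELEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Assumed, deliberately small promise classes (not pledge.com's real tables). */
static const int promise_stdio[] = {
    SYS_read, SYS_write, SYS_close, SYS_fstat, SYS_lseek, SYS_brk,
    SYS_mmap, SYS_munmap, SYS_getpid, SYS_rt_sigreturn, SYS_exit,
    SYS_exit_group,
};
static const int promise_stdio_unix[] = {
    SYS_read, SYS_write, SYS_close, SYS_fstat, SYS_lseek, SYS_brk,
    SYS_mmap, SYS_munmap, SYS_getpid, SYS_rt_sigreturn, SYS_exit,
    SYS_exit_group,
    SYS_socket, SYS_connect, SYS_bind, SYS_listen, SYS_accept4, /* "unix" */
};

/* Translate an allowlist of syscall numbers into a seccomp BPF program:
 * kill on foreign architecture, allow listed calls, fail others with EPERM. */
static int install_promise_filter(const int *allowed, size_t n) {
    struct sock_filter prog[64];
    size_t len = 0;
    if (n > 56) return -1;                       /* keeps every jump offset < 256 */
    prog[len++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                               offsetof(struct seccomp_data, arch));
    prog[len++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                               EXAMPLE_AUDIT_ARCH, 1, 0);
    prog[len++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[len++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                               offsetof(struct seccomp_data, nr));
    /* Each match jumps forward over the remaining checks and the EPERM return
     * straight to the final ALLOW instruction. */
    for (size_t i = 0; i < n; i++)
        prog[len++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                   (unsigned)allowed[i],
                                                   (unsigned char)(n - i), 0);
    prog[len++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                               SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    prog[len++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);

    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    /* no_new_privs is mandatory for an unprivileged process to load a filter,
     * which is also why pledge.com does not need root. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0) return -1;
    return 0;
}

/* Fork, install the allowlist in the child, try socket(AF_UNIX) and report
 * the outcome through the exit status: 0 = socket created, EPERM = refused
 * by the filter, 200+ = the probe itself failed. */
static int probe_socket_under(const int *allowed, size_t n) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_promise_filter(allowed, n) != 0) _exit(200);
        static const char msg[] = "write() is still allowed under the filter\n";
        if (write(STDOUT_FILENO, msg, sizeof msg - 1) < 0 && errno == EPERM) _exit(201);
        int fd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (fd >= 0) _exit(0);
        _exit(errno & 0xff);                      /* _exit -> exit_group, allowed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -2;
}

int probe_socket_stdio_only(void) {
    return probe_socket_under(promise_stdio, N_ELEMS(promise_stdio));
}
int probe_socket_stdio_unix(void) {
    return probe_socket_under(promise_stdio_unix, N_ELEMS(promise_stdio_unix));
}

int main(void) {
    printf("stdio only: socket() -> %d (EPERM is %d)\n", probe_socket_stdio_only(), EPERM);
    printf("stdio unix: socket() -> %d (0 means the socket was created)\n",
           probe_socket_stdio_unix());
    return 0;
}
```

The arch check at the top of the program is what keeps a filter written against x86_64 syscall numbers from being bypassed by a 32-bit (i386) syscall with a different numbering; real pledge-style filters also have to handle per-architecture tables, which is one reason the port ships its own lists rather than reusing OpenBSD's class definitions verbatim.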
