So I stumbled across a program in C that uses seccomp to filter out a few syscalls. Is there anyway, other than bruteforcing, to find out the syscalls that are actually allowed.
Thanks in advance
Find syscalls whitelisted by seccomp
215 Views Asked by Jayakrishna Menon At
2
There are 2 best solutions below
0
tinytaro
On
You can refer to Kafel, write a policy and disassemble the generated eBPF code with its dump_policy_bpf tool.
Related Questions in C
- Passing arguments to main in C using Eclipse
- kernel module does not print packet info
- error C2016 (C requires that a struct or union has at least one member) and structs typedefs
- Drawing with ncurses, sockets and fork
- How to catch delay-import dll errors (missing dll or symbol) in MinGW(-w64)?
- Configured TTL for A record(s) backing CNAME records
- Allocating memory for pointers inside structures in functions
- Finding articulation point of undirected graph by DFS
- C first fgets() is being skipped while the second runs
- C std library don't appear to be linked in object file
- gcc static library compilation
- How to do a case-insensitive string comparison?
- C programming: Create and write 2D array of files as function
- How to read a file then store to array and then print?
- Function timeouts in C and thread
Related Questions in SYSTEM-CALLS
- Error when calling gcc with system() or popen() in Windows
- setenv, and getenv documentation
- How is a Linux kernel task's stack pointer determined for each thread?
- getrandom syscall in C not found
- How to uninitialize the entropy of /dev/urandom in C?
- Linux : /proc/<PID>/exe return path to executable '/bin/bash' for process located at '/home/<USER>/new/v'
- How to trace system calls in FreeBSD from source code?
- Two addresses in kernel Call Trace
- ret_from_syscall source code and when it is called
- Getting 'ímplicit declaration of function' error while adding a system call in Linux
- Passing custom flags to "open" in a device driver
- How to add rules in Linux kernel Makefile
- Solving mprotect() syscall failure
- Catching SIGINT signal to terminate a custom shell
- use exec with a command typed from keyboard
Related Questions in SECCOMP
- pip is not allowing me to install seccomplite
- seccomp-bpf - how can i use bpf to filter the arguments of a system call?
- Set secomp to unconfined in docker-compose
- Install seccomp filter in child
- seccomp: from parent, find which system call caused child to die on SIGSYS
- How can sigreturn block all signal except SIGKILL and SIGSTOP in SECCOMP_SET_MODE_STRICT?
- Run a process from C with a seccomp profile
- How can you security-harden a Python program?
- Getting "Bad System Call" working with seccomp filters
- When executing a compiled C/C++ file with below code using seccomp and execve, it is exiting with status code 159 and signal 31
- Enabling seccomp strict mode gets "Invalid Argument" error on Replit
- Why does loading seccomp filter affect permitted and effective capability set?
- Is it possible to apply a Linux kernel SECCOMP profile from a Go process?
- Catch seccomp violation of Docker container
- Pointer return values in seccomp systemcall trap functions
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
If you can compile the C program, you can call seccomp_export_pfc function.