Understanding The Linux Kernel Through CTF Challenges: Seccomp

By Ragnar Security, published in CodeX, Aug 28, 2021

From: https://memegenerator.net/instance/73974722/snl-stefon-new-yorks-hottest-club-is-linux-this-place-has-everything-apparmor-seccomp-cgroups-preven

I am WittsEnd2, founder of Ragnar Security. Today, we will be exploring Seccomp, a Linux kernel security feature. We will explore this through the challenge insecure_seccomp from UIUCTF. Some of the things we will discuss are:

  • What is Seccomp?
  • Why is it useful?
  • What happens when it is misconfigured and the filtered program also has a vulnerability.

What is Seccomp?

Seccomp (secure computing mode) is a Linux kernel facility that restricts which system calls a process is allowed to make. A process opts in through the prctl(2) or seccomp(2) system calls; once a filter is installed it cannot be removed, and it is inherited by every child the process forks or execs. There are two modes: strict mode, which permits only read, write, _exit and sigreturn, and filter mode, in which the process supplies a BPF program that the kernel runs on every system call to decide whether to allow it, return an error, log it, or kill the process. When a filtered process makes a disallowed system call and the filter returns a kill action, the kernel terminates it with SIGSYS, which the shell reports as “Bad system call”. Seccomp is commonly used by container runtimes such as Docker to protect the host from the workloads it runs. In practice you meet it at two scopes: applied to a whole container or sandbox by the runtime, or installed by an application on itself at startup. We will be focusing on the application level, since that is the scope at which insecure_seccomp implements it. As an aside: Docker provides a way to pass profiles at run time (--security-opt seccomp=profile.json) so that containers have Seccomp too…
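To make the “Bad system call” behaviour concrete, here is an added example of application-level seccomp in filter mode. It is not code from the original post or from the insecure_seccomp challenge; it installs a minimal BPF filter in a forked child that denies one chosen system call number and allows everything else, then reports how the kernel terminated the child. It assumes a Linux host on x86_64, aarch64 or i386 (the AUDIT_ARCH_* selection) and that prctl(PR_SET_SECCOMP) is permitted in your environment; the function names are my own.

```c
// Added example (not from the original post): install a minimal seccomp-bpf
// filter in a forked child and observe how the kernel reacts to a denied call.
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* value used by Linux >= 4.14 */
#endif

/* Assumption: the filter is built for the architecture it is compiled on. */
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Install a filter that kills the process if it invokes `denied_nr`
 * (or is running under a foreign ABI) and allows every other syscall.
 * Returns 0 on success, -1 on failure. */
static int install_deny_filter(uint32_t denied_nr) {
    struct sock_filter filter[] = {
        /* Check the ABI first: syscall numbers differ between ABIs, so a
         * filter written for one must refuse the others outright. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number; kill on a match, allow otherwise. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, denied_nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* An unprivileged process may only install a filter after no_new_privs,
     * so a setuid exec cannot be abused to escape it. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Fork a child, deny `denied_nr` inside it, then have it invoke `called_nr`.
 * Returns the signal that killed the child (SIGSYS when the filter fires),
 * 0 if the child exited normally, or -1 on a setup error. */
int probe_filtered_syscall(long denied_nr, long called_nr) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_deny_filter((uint32_t)denied_nr) != 0)
            _exit(2);
        /* Go through syscall(2) so exactly this syscall number is issued. */
        syscall(called_nr);
        _exit(0); /* exit_group is not denied, so this is reached if allowed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 0;
    return -1;
}

int main(void) {
    printf("deny getpid, call getpid : killed by signal %d (SIGSYS is %d)\n",
           probe_filtered_syscall(SYS_getpid, SYS_getpid), SIGSYS);
    printf("deny getpid, call getppid: result %d (0 means exited normally)\n",
           probe_filtered_syscall(SYS_getpid, SYS_getppid));
    return 0;
}
```

Build with `gcc -Wall -o seccomp_probe seccomp_probe.c` and run it. If you instead install the filter in the main process and call the denied syscall, the program itself dies and the shell prints “Bad system call”, which is the message the post refers to. Note what the filter checks and what it does not: it compares only the syscall number (after an ABI check), so a program that is allowed to call, say, open and execve is in no way confined by it; that gap between “some syscalls are blocked” and “the process cannot do harm” is exactly what a challenge like insecure_seccomp turns on.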
