Databases
StackOverflow2013
Postsdbo
PORestricting listen port access
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PORestricting listen port access
    text
    copied!<p>I'm trying to create a sandbox to run untrusted user code and I would like to allow users to listen on a network socket (on Linux). But I would like to limit what ports they can listen on. I have tried apparmor, but apparmor only provides an option to completely disable tcp connections. I need a more fine grained policy. </p> <p>I have also tried ptrace, but was only able to intercept the sys_socketcall syscall but was not able to get the port number. Besides, I know ptrace is not entirely secure so that would not be a proper solution. </p> <p>Here is the code that I have been trying to use to intercept the port number supplied to bind:</p> <pre><code>params[0] = ptrace(PTRACE_PEEKUSER, child, 4 * EBX, NULL); params[1] = ptrace(PTRACE_PEEKUSER, child, 4 * ECX, NULL); params[2] = ptrace(PTRACE_PEEKUSER, child, 4 * EDX, NULL); printf("SYS_socketcall called with %u\n", (int)params[0]); if(params[0] == 2){ // SYS_BIND int call = params[0]; int *args = (intptr_t*)params[1]; int socket = args[0]; struct sockaddr_in *addr = (struct sockaddr_in*)args[1]; int len = args[2]; //struct sockaddr_in *addr = (struct sockaddr_in*)args[1]; printf("BIND CALLED WITH call: %d, fd: %d, addr: %p\n", call, socket, addr); } </code></pre> <p>but it segfaults because I must be doing something wrong when getting the pointer to the sockaddr struct that is passed to the syscall. According to <a href="http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html" rel="nofollow">http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html</a> the second parameter in ECX is a pointer to argument list where arguments are [socket_fd, sockaddr*]. But it doesn't work. why?</p> <p>Is there a better way to do this than with ptrace? </p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload