Open S30tt opened 1 year ago
This is a good feature to support. Would love to get your code contributions to enable this.
Hey, I developed a toolkit just for that, that utilizes eBPF and is tested on various use cases, including runtime RCE. https://github.com/avilum/secimport
It is actually MITM between the interpreter and the kernel, and it is able to log and stop/kill the process in case of violation. The policy is defined at module level, and can be traced: https://github.com/avilum/secimport#the-solution
```yaml
modules:
  requests:
    destructive: true # when true, secimport will kill on violation instead of logging.
    syscall_allowlist:
      - fchmod
      - getentropy
      - getpgrp
      - getrlimit
      ...
```
That translates to:
```json
...
"/workspace/Python-3.10.0/Lib/logging/__init__.py": [
    " clock_gettime",
    " getpid",
    " write"
],
"/workspace/Python-3.10.0/Lib/multiprocessing/process.py": [
    " getcwd",
    " getpid",
    " getrandom"
],
"/workspace/Python-3.10.0/Lib/multiprocessing/util.py": [
    " prlimit64"
],
"/workspace/Python-3.10.0/Lib/os.py": [
    " read"
],
"/workspace/Python-3.10.0/Lib/platform.py": [
    " uname"
],
"/workspace/Python-3.10.0/Lib/posixpath.py": [
    " close",
    " fstat",
    " getcwd",
    " getdents64",
    " openat"
],
"/workspace/Python-3.10.0/Lib/random.py": [
    " getrandom"
],
...
```
And compiled into an eBPF program using bpftrace.
Everything can be done using secimport's CLI.
Very cool! How does one generate an accurate allow-list?
FWIW this in my eyes seems integral when actually applying this package to a codebase.
In reality, I may determine that it is OK for a particular dependency to e.g. make network calls, given the problem that it sets out to solve. Or I may determine that a particular dependency's "old/abandoned" status is OK, but may still care about it otherwise.
Describe the solution you'd like

I would like the ability to control/tune the audit alerts at a package level.

Additional context

By placing a packj.yaml file at project level, I would like the ability to have a global set of audit alert config and then be able to override this for a particular package. This means we still get full audit alerting but can silence or tune the values for a package we have reviewed and trust. I guess this would need to be for a version or hash in case an updated version becomes malicious.
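One way the requested override could resolve, shown as an added example that is not part of the issue and is not packj's code: global alert settings apply unless a package has an override whose pinned hash matches the artifact being audited. The config keys, alert names, reason strings and the `effective_alerts` helper are hypothetical, and the artifact bytes are constructed.

```python
import hashlib

# Constructed sample artifact bytes standing in for a reviewed release file.
REVIEWED = b"constructed bytes of the reviewed requests release"

# Hypothetical config shape (key names are assumptions, not packj's schema):
# global alert settings plus per-package overrides pinned to a sha256.
CONFIG = {
    "alerts": {"network": "alert", "abandoned": "alert"},
    "overrides": {
        "requests": {
            "sha256": hashlib.sha256(REVIEWED).hexdigest(),
            "alerts": {"network": "ignore"},
        },
    },
}


def effective_alerts(config, package, artifact):
    """Return (alerts, reason) for one package artifact (bytes)."""
    alerts = dict(config["alerts"])  # start from the global settings
    override = config.get("overrides", {}).get(package)
    if override is None:
        return alerts, "global"
    pinned = override.get("sha256")
    if not pinned:
        # An unpinned override would also cover future releases: ignore it.
        return alerts, "override-unpinned"
    if hashlib.sha256(artifact).hexdigest() != pinned.lower():
        # Different bytes than the reviewed ones: full alerting again.
        return alerts, "hash-mismatch"
    unknown = set(override.get("alerts", {})) - set(alerts)
    if unknown:
        raise ValueError(f"override for {package} names unknown alerts: {sorted(unknown)}")
    alerts.update(override.get("alerts", {}))
    return alerts, "override-applied"


if __name__ == "__main__":
    for name, data in [("requests", REVIEWED),
                       ("requests", b"constructed bytes of a later release"),
                       ("flask", b"constructed bytes")]:
        print(name, *effective_alerts(CONFIG, name, data))
```

Reporting the reason alongside the settings lets an audit run show when a trusted package stopped matching its pin.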