www/blog.hillion.co.uk/posts/weekly-2022-01-31/index.html


2023-01-07 22:30:40 +00:00
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Jake's Weekly - 31st Jan 2022 | Jake Hillion</title><meta name=keywords content><meta name=description content="Research Project Process Isolation Built three privilege separated test applications.
Wrote a privilege separated fib implementation (fib_priv_sep.c).
Pretty basic separation as the program is trivial. In the later cp example I did privilege separate the arguments, but I didn&rsquo;t for the purpose of fib. Starting to build up a structure. The files are structured to have a main implementation reminiscent of the eventual shim, while the functions like real_main would come from the eventual binary."><meta name=author content="Jake Hillion"><link rel=canonical href=https://blog.hillion.co.uk/posts/weekly-2022-01-31/><link crossorigin=anonymous href=/assets/css/stylesheet.min.48a18943c2fc15c38a372b8dde1f5e5dc0bc64fa6cb90f5a817d2f8c76b7f3ae.css integrity="sha256-SKGJQ8L8FcOKNyuN3h9eXcC8ZPpsuQ9agX0vjHa3864=" rel="preload stylesheet" as=style><script defer crossorigin=anonymous src=/assets/js/highlight.min.b95bacdc39e37a332a9f883b1e78be4abc1fdca2bc1f2641f55e3cd3dabd4d61.js integrity="sha256-uVus3DnjejMqn4g7Hni+Srwf3KK8HyZB9V4809q9TWE=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://blog.hillion.co.uk/favicon.ico><link rel=icon type=image/png sizes=16x16 href=https://blog.hillion.co.uk/favicon-16x16.png><link rel=icon type=image/png sizes=32x32 href=https://blog.hillion.co.uk/favicon-32x32.png><link rel=apple-touch-icon href=https://blog.hillion.co.uk/apple-touch-icon.png><link rel=mask-icon href=https://blog.hillion.co.uk/safari-pinned-tab.svg><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><script async src="https://www.googletagmanager.com/gtag/js?id=G-4CXXF49E7M"></script>
<script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-4CXXF49E7M",{anonymize_ip:!1})}</script><meta property="og:title" content="Jake's Weekly - 31st Jan 2022"><meta property="og:description" content="Research Project Process Isolation Built three privilege separated test applications.
Wrote a privilege separated fib implementation (fib_priv_sep.c).
Pretty basic separation as the program is trivial. In the later cp example I did privilege separate the arguments, but I didn&rsquo;t for the purpose of fib. Starting to build up a structure. The files are structured to have a main implementation reminiscent of the eventual shim, while the functions like real_main would come from the eventual binary."><meta property="og:type" content="article"><meta property="og:url" content="https://blog.hillion.co.uk/posts/weekly-2022-01-31/"><meta property="article:section" content="posts"><meta property="article:published_time" content="2022-01-31T11:00:00+00:00"><meta property="article:modified_time" content="2022-01-31T11:00:00+00:00"><meta property="og:site_name" content="Jake Hillion"><meta name=twitter:card content="summary"><meta name=twitter:title content="Jake's Weekly - 31st Jan 2022"><meta name=twitter:description content="Research Project Process Isolation Built three privilege separated test applications.
Wrote a privilege separated fib implementation (fib_priv_sep.c).
Pretty basic separation as the program is trivial. In the later cp example I did privilege separate the arguments, but I didn&rsquo;t for the purpose of fib. Starting to build up a structure. The files are structured to have a main implementation reminiscent of the eventual shim, while the functions like real_main would come from the eventual binary."><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://blog.hillion.co.uk/posts/"},{"@type":"ListItem","position":2,"name":"Jake's Weekly - 31st Jan 2022","item":"https://blog.hillion.co.uk/posts/weekly-2022-01-31/"}]}</script><script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"Jake's Weekly - 31st Jan 2022","name":"Jake\u0027s Weekly - 31st Jan 2022","description":"Research Project Process Isolation Built three privilege separated test applications.\nWrote a privilege separated fib implementation (fib_priv_sep.c).\nPretty basic separation as the program is trivial. In the later cp example I did privilege separate the arguments, but I didn\u0026rsquo;t for the purpose of fib. Starting to build up a structure. The files are structured to have a main implementation reminiscent of the eventual shim, while the functions like real_main would come from the eventual binary.","keywords":[],"articleBody":"Research Project Process Isolation Built three privilege separated test applications.\nWrote a privilege separated fib implementation (fib_priv_sep.c).\nPretty basic separation as the program is trivial. In the later cp example I did privilege separate the arguments, but I didnt for the purpose of fib. Starting to build up a structure. The files are structured to have a main implementation reminiscent of the eventual shim, while the functions like real_main would come from the eventual binary. 
Wrote a privilege separated echo implementation (echo_priv_sep.c).\nThis brings in some of the more advanced ideas like IPC. Currently I'm using pipes to pass the fds between processes. Another advanced idea in this program is the idea that the shim will need to spin up long running broker processes. Proper process separation in the echo application requires the ability to spin up new processes on demand. This application shows how that can be done. A well-privileged cloned process is spun up, and a pipe created to that for carrying arguments to the unprivileged process. This process uses its privilege to spin up new processes for each child request (in this case, per TCP flow). Uses CLONE_FS to keep the file descriptor tables synced in certain circumstances but not others. Still shares some fds that it could not though (due to copy-on-write). Wrote a privilege separated cp implementation (cp_priv_sep.c).\nThe cp implementation mainly focuses on separating out the argument processing, something not done in either of the others. This isn't particularly well suited to C, as it's non-trivial to serialize and deserialize things into pipes. Another alternative is sharing virtual memory down and then working from there. For now, I'm sharing a struct with a couple of pointers. Up Next I think the best goal is to try and turn these C samples into something more general. There are three main parts so far:\nMultiple entry-points in different processes with different clone specs. IPC. Broker processes to spawn more later on. For now, I think the most useful thing will be a shim which takes an external spec. The final goal is to pull this from the ELF and incorporate it in the binary, but for now something simple like JSON would be easier to work with.\nModules Introduction to Systems Research Read Exokernel (Engler et al., 1995), Multikernel (Baumann et al., 2009) and Unikernel (Madhavapeddy et al., 2013). Reviewed Multikernel. 
Some interesting ideas, and a particular theme was that all of the authors appear to think that users of operating systems think like systems programmers. Something to be aware of in this project to
<span class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></span></div><ul id=menu><li><a href=https://blog.hillion.co.uk/categories/ title=categories><span>categories</span></a></li><li><a href=https://blog.hillion.co.uk/tags/ title=tags><span>tags</span></a></li></ul></nav></header><main class=main><article class=post-single><header class=post-header><div class=breadcrumbs><a href=https://blog.hillion.co.uk/>Home</a>&nbsp;»&nbsp;<a href=https://blog.hillion.co.uk/posts/>Posts</a></div><h1 class=post-title>Jake's Weekly - 31st Jan 2022</h1><div class=post-meta><span title='2022-01-31 11:00:00 +0000 UTC'>January 31, 2022</span>&nbsp;·&nbsp;3 min&nbsp;·&nbsp;Jake Hillion</div></header><div class=post-content><h2 id=research-project>Research Project<a hidden class=anchor aria-hidden=true href=#research-project>#</a></h2><h3 id=process-isolation>Process Isolation<a hidden class=anchor aria-hidden=true href=#process-isolation>#</a></h3><ul><li><p>Built three privilege separated test applications.</p></li><li><p>Wrote a privilege separated fib implementation (<a 
href=https://gitea.hillion.co.uk/JakeHillion/ocaml-cgroups2/src/branch/main/examples/fib/fib_priv_sep.c>fib_priv_sep.c</a>).</p><ul><li>Pretty basic separation as the program is trivial. In the later cp example I did privilege separate the arguments, but I didn&rsquo;t for the purpose of fib.</li><li>Starting to build up a structure. The files are structured to have a <code>main</code> implementation reminiscent of the eventual shim, while the functions like <code>real_main</code> would come from the eventual binary.</li></ul></li><li><p>Wrote a privilege separated echo implementation (<a href=https://gitea.hillion.co.uk/JakeHillion/ocaml-cgroups2/src/branch/main/examples/echo/echo_priv_sep.c>echo_priv_sep.c</a>).</p><ul><li>This brings in some of the more advanced ideas like IPC. Currently I&rsquo;m using pipes to pass the fds between processes.</li><li>Another advanced idea in this program is the idea that the shim will need to spin up long running &ldquo;broker&rdquo; processes. Proper process separation in the echo application requires the ability to spin up new processes on demand. This application shows how that can be done.<ul><li>A well-privileged cloned process is spun up, and a pipe created to that for carrying arguments to the unprivileged process.</li><li>This process uses its privilege to spin up new processes for each child request (in this case, per TCP flow).</li></ul></li><li>Uses <code>CLONE_FS</code> to keep the file descriptor tables synced in certain circumstances but not others. Still shares some fds that it could not though (due to copy-on-write).</li></ul></li><li><p>Wrote a privilege separated cp implementation (<a href=https://gitea.hillion.co.uk/JakeHillion/ocaml-cgroups2/src/branch/main/examples/cp/cp_priv_sep.c>cp_priv_sep.c</a>).</p><ul><li>The cp implementation mainly focuses on separating out the argument processing, something not done in either of the others. 
This isn&rsquo;t particularly well suited to C, as it&rsquo;s non-trivial to serialize and deserialize things into pipes. Another alternative is sharing virtual memory down and then working from there. For now, I&rsquo;m sharing a stru
<a class=next href=https://blog.hillion.co.uk/posts/weekly-2022-01-17/><span class=title>Next Page »</span><br><span>Jake's Weekly - 17th Jan 2022</span></a></nav>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://git.io/hugopapermod rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>