From ee5ec83339b56da8c682add16176312d7f1c1bb1 Mon Sep 17 00:00:00 2001 From: Dpeta <69427753+Dpeta@users.noreply.github.com> Date: Mon, 30 Jan 2023 18:13:11 +0100 Subject: [PATCH] Allow disabling seccomp and update documentation. --- README.md | 3 +++ libseccomp.py | 10 +++++----- pesterchum.py | 39 +++++++++++++++++++++++++-------------- 3 files changed, 33 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 6e12a1f..1e62636 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,9 @@ Pesterchum is a Python script. This means that as long as you have Python instal - Useful for Linux systems that don't meet the Qt6 requirements, as Qt5 Multimedia has a GStreamer dependency. - (Optional) [certifi] can provide alternative root certificates for TLS certificate validation. - Useful for MacOS, as Python doesn't use the system-provided certificates because of MacOS' outdated SSL library. Also miscellaneous systems without usable root certificates. + - (Optional) [libseccomp] and its Python bindings on Linux let Pesterchum apply seccomp-bpf restrictions on itself. + - Packages on Arch: ``libseccomp python-libseccomp`` + - Packages on Debian: ``libseccomp2 python-seccomp`` ### WALKTHROUGH diff --git a/libseccomp.py b/libseccomp.py index 0d79e73..19e6a74 100644 --- a/libseccomp.py +++ b/libseccomp.py @@ -4,7 +4,7 @@ This prevents the process from using certain system calls, which has some securi Since Python and Qt use many calls and are pretty high-level, things are prone to breaking though. Certain features like opening links almost always break. -Uses libseccomp's Python bindings, which aren't available on the pypi. +Uses libseccomp's Python bindings, which sadly aren't available on PyPi (yet). Check your distro's package manager for python-libseccomp (Arch) or python3-seccomp (Debian). For info on system calls referencing software that uses seccomp like firejail/flatpak is useful. @@ -29,8 +29,8 @@ def load_seccomp_blacklist(): if seccomp is None: pesterchum_log.warning( "Failed to import seccomp, verify you have" - " python-libseccomp (Arch) or python3-seccomp (Debian) installed" - " and aren't running a pyinstaller build." + " python-libseccomp (Arch) or python3-seccomp (Debian) installed." + " If this is a pyinstaller/cx_freeze build, it may also be a linking issue." ) return # Allows all calls by default. @@ -55,8 +55,8 @@ def load_seccomp_whitelist(): if seccomp is None: pesterchum_log.error( "Failed to import seccomp, verify you have" - " python-libseccomp (Arch) or python3-seccomp (Debian) installed" - " and aren't running a pyinstaller build." + " python-libseccomp (Arch) or python3-seccomp (Debian) installed." + " If this is a pyinstaller/cx_freeze build, it may also be a linking issue." ) return # Violation gives "Operation not permitted". diff --git a/pesterchum.py b/pesterchum.py index 7460a4d..0f75626 100755 --- a/pesterchum.py +++ b/pesterchum.py @@ -110,15 +110,18 @@ parser.add_argument( "--nohonk", action="store_true", help="Disables the honk soundeffect 🤡📣" ) if ostools.isLinux(): + parser.add_argument( + "--no-seccomp", + action="store_true", + help=("Disable seccomp completely. (do this if it causes issues)"), + ) parser.add_argument( "--strict-seccomp", action="store_true", help=( - "Restrict the system calls Pesterchum is allowed to make via seccomp." - " Has some security benefits, but since Python and Qt use many calls" - " and are pretty high-level, things are prone to breaking." - " Certain features like opening links always break." - " (Requires Linux and libseccomp's Python bindings, not available in frozen builds.)" + "Apply a stricter seccomp-bpf filter that only allows required system calls." + " This breaks certain features like opening links." + " (Requires Linux and libseccomp's Python bindings.)" ), ) @@ -1698,14 +1701,21 @@ class PesterWindow(MovingWindow): # Activate seccomp on Linux if enabled if ostools.isLinux(): - try: - libseccomp.load_seccomp_blacklist() # Load blacklist always - if "strict-seccomp" in options: - if options["strict-seccomp"]: - libseccomp.load_seccomp_whitelist() # Load whitelist if enabled - except RuntimeError: - # We probably tried to interact with a call not available on this kernel. - PchumLog.exception("") + self.seccomp(options) + + def seccomp(self, options): + """Load seccomp-bpf filter depending on arguments passed.""" + if "no-seccomp" in options: + if options["no-seccomp"]: + return + try: + libseccomp.load_seccomp_blacklist() # Load blacklist filter by default + if "strict-seccomp" in options: + if options["strict-seccomp"]: + libseccomp.load_seccomp_whitelist() # Load whitelist filter if enabled + except RuntimeError: + # We probably tried to interact with a call not available on this kernel. + PchumLog.exception("") @QtCore.pyqtSlot(QString, QString) def updateMsg(self, ver, url): @@ -4598,7 +4608,8 @@ class MainProgram(QtCore.QObject): if ostools.isLinux(): if args.strict_seccomp: options["strict-seccomp"] = True - + if args.no_seccomp: + options["no-seccomp"] = True except Exception as e: print(e) return options