mbk/pesterchum
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow disabling seccomp and update documentation.

Browse source
This commit is contained in:
Dpeta 2023-01-30 18:13:11 +01:00
parent 7dafe38c72
commit ee5ec83339
3 changed files with 33 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -92,6 +92,9 @@ Pesterchum is a Python script. This means that as long as you have Python instal
- Useful for Linux systems that don't meet the Qt6 requirements, as Qt5 Multimedia has a GStreamer dependency. - Useful for Linux systems that don't meet the Qt6 requirements, as Qt5 Multimedia has a GStreamer dependency.
- (Optional) [certifi] can provide alternative root certificates for TLS certificate validation. - (Optional) [certifi] can provide alternative root certificates for TLS certificate validation.
- Useful for MacOS, as Python doesn't use the system-provided certificates because of MacOS' outdated SSL library. Also miscellaneous systems without usable root certificates. - Useful for MacOS, as Python doesn't use the system-provided certificates because of MacOS' outdated SSL library. Also miscellaneous systems without usable root certificates.
- (Optional) [libseccomp] and its Python bindings on Linux let Pesterchum apply seccomp-bpf restrictions on itself.
- Packages on Arch: ``libseccomp python-libseccomp``
- Packages on Debian: ``libseccomp2 python-seccomp``
### WALKTHROUGH ### WALKTHROUGH

10
libseccomp.py
View file

@ -4,7 +4,7 @@ This prevents the process from using certain system calls, which has some securi
Since Python and Qt use many calls and are pretty high-level, things are prone to breaking though. Since Python and Qt use many calls and are pretty high-level, things are prone to breaking though.
Certain features like opening links almost always break. Certain features like opening links almost always break.
Uses libseccomp's Python bindings, which aren't available on the pypi. Uses libseccomp's Python bindings, which sadly aren't available on PyPi (yet).
Check your distro's package manager for python-libseccomp (Arch) or python3-seccomp (Debian). Check your distro's package manager for python-libseccomp (Arch) or python3-seccomp (Debian).
For info on system calls referencing software that uses seccomp like firejail/flatpak is useful. For info on system calls referencing software that uses seccomp like firejail/flatpak is useful.
@ -29,8 +29,8 @@ def load_seccomp_blacklist():
if seccomp is None: if seccomp is None:
pesterchum_log.warning( pesterchum_log.warning(
"Failed to import seccomp, verify you have" "Failed to import seccomp, verify you have"
" python-libseccomp (Arch) or python3-seccomp (Debian) installed" " python-libseccomp (Arch) or python3-seccomp (Debian) installed."
" and aren't running a pyinstaller build." " If this is a pyinstaller/cx_freeze build, it may also be a linking issue."
) )
return return
# Allows all calls by default. # Allows all calls by default.
@ -55,8 +55,8 @@ def load_seccomp_whitelist():
if seccomp is None: if seccomp is None:
pesterchum_log.error( pesterchum_log.error(
"Failed to import seccomp, verify you have" "Failed to import seccomp, verify you have"
" python-libseccomp (Arch) or python3-seccomp (Debian) installed" " python-libseccomp (Arch) or python3-seccomp (Debian) installed."
" and aren't running a pyinstaller build." " If this is a pyinstaller/cx_freeze build, it may also be a linking issue."
) )
return return
# Violation gives "Operation not permitted". # Violation gives "Operation not permitted".

27
pesterchum.py
View file

@ -110,15 +110,18 @@ parser.add_argument(
"--nohonk", action="store_true", help="Disables the honk soundeffect 🤡📣" "--nohonk", action="store_true", help="Disables the honk soundeffect 🤡📣"
) )
if ostools.isLinux(): if ostools.isLinux():
parser.add_argument(
"--no-seccomp",
action="store_true",
help=("Disable seccomp completely. (do this if it causes issues)"),
)
parser.add_argument( parser.add_argument(
"--strict-seccomp", "--strict-seccomp",
action="store_true", action="store_true",
help=( help=(
"Restrict the system calls Pesterchum is allowed to make via seccomp." "Apply a stricter seccomp-bpf filter that only allows required system calls."
" Has some security benefits, but since Python and Qt use many calls" " This breaks certain features like opening links."
" and are pretty high-level, things are prone to breaking." " (Requires Linux and libseccomp's Python bindings.)"
" Certain features like opening links always break."
" (Requires Linux and libseccomp's Python bindings, not available in frozen builds.)"
), ),
) )
@ -1698,11 +1701,18 @@ class PesterWindow(MovingWindow):
# Activate seccomp on Linux if enabled # Activate seccomp on Linux if enabled
if ostools.isLinux(): if ostools.isLinux():
self.seccomp(options)
def seccomp(self, options):
"""Load seccomp-bpf filter depending on arguments passed."""
if "no-seccomp" in options:
if options["no-seccomp"]:
return
try: try:
libseccomp.load_seccomp_blacklist() # Load blacklist always libseccomp.load_seccomp_blacklist() # Load blacklist filter by default
if "strict-seccomp" in options: if "strict-seccomp" in options:
if options["strict-seccomp"]: if options["strict-seccomp"]:
libseccomp.load_seccomp_whitelist() # Load whitelist if enabled libseccomp.load_seccomp_whitelist() # Load whitelist filter if enabled
except RuntimeError: except RuntimeError:
# We probably tried to interact with a call not available on this kernel. # We probably tried to interact with a call not available on this kernel.
PchumLog.exception("") PchumLog.exception("")
@ -4598,7 +4608,8 @@ class MainProgram(QtCore.QObject):
if ostools.isLinux(): if ostools.isLinux():
if args.strict_seccomp: if args.strict_seccomp:
options["strict-seccomp"] = True options["strict-seccomp"] = True
if args.no_seccomp:
options["no-seccomp"] = True
except Exception as e: except Exception as e:
print(e) print(e)
return options return options