  • ATC ‘18 Presentation
  • https://www.usenix.org/conference/atc18/presentation/boucher

Key Idea

  1. Process-based isolation is slow. Use instead:
    1. Language-based isolation: Rust. Safety is guaranteed at compile time.
    2. Fine-grained preemption: restrict syscalls and abort long-running tasks.

Mentioned Systems

  1. NetBricks: link
  2. Tock: link

Knowledge

Preload Dynamic Library

Use LD_PRELOAD to load a shared library before any other library, so its symbols take precedence over the ones in libc and other libraries. Link

Example: $ LD_PRELOAD=/path/to/my/malloc.so /bin/ls.

Use ldd to list all runtime dependencies of a binary program or a shared library.
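A constructed LD_PRELOAD interposer, added here as an illustration (it is not code from the paper or the site): it wraps fopen(), logs every call to stderr for auditing, and forwards to the real libc implementation resolved with RTLD_NEXT. The file name fopen_trace.c, the counter function fopen_trace_count() and the build line are assumptions for this example.

```c
/* fopen_trace.c: a constructed LD_PRELOAD interposer (not from the paper).
 * Build:  gcc -shared -fPIC -o fopen_trace.so fopen_trace.c -ldl
 * Run:    LD_PRELOAD=./fopen_trace.so /bin/ls
 * Every fopen() the program makes is logged to stderr, then forwarded
 * to the real libc implementation found with RTLD_NEXT. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>

typedef FILE *(*fopen_fn)(const char *, const char *);

static unsigned long interposed_calls; /* how many fopen() calls we saw */

/* Number of fopen() calls that passed through the interposer. */
unsigned long fopen_trace_count(void) { return interposed_calls; }

/* Because this library is loaded first, the dynamic linker binds the
 * program's fopen() to this definition instead of libc's. */
FILE *fopen(const char *path, const char *mode) {
    static fopen_fn real_fopen;
    if (!real_fopen) {
        /* RTLD_NEXT: the next definition of "fopen" after this one in
         * load order, i.e. libc's. Resolved lazily on first call. */
        real_fopen = (fopen_fn)dlsym(RTLD_NEXT, "fopen");
        if (!real_fopen) {
            fprintf(stderr, "fopen_trace: cannot resolve real fopen: %s\n",
                    dlerror());
            abort();
        }
    }
    interposed_calls++;
    fprintf(stderr, "fopen_trace: fopen(\"%s\", \"%s\")\n", path, mode);
    return real_fopen(path, mode);
}
```

The same source compiled directly into an executable also interposes that executable's own fopen() calls, which is how the definition can be exercised without building the .so. Note that the loader ignores LD_PRELOAD for setuid binaries, so this mechanism cannot be used to inject code into privileged programs.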

SIGALRM

SIGALRM is a signal delivered after a requested amount of time has elapsed. By default, it kills the process. In C, the alarm and setitimer functions arm a timer whose expiry makes the kernel send SIGALRM.

Link C Link man7

SIGSYS

SIGSYS is sent when a process passes a bad argument to a syscall, for example when the call violates its seccomp rules. It can also be used to emulate foreign syscalls, such as emulating Windows syscalls on Linux. By default, it terminates the process.

seccomp

Linux uses seccomp to restrict the set of syscalls a process may make. It is widely used in containers.
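A constructed example serving both the SIGSYS and the seccomp notes above (it is not code from the paper, the Linux documentation or this site): a forked child installs a minimal seccomp-BPF filter that allows every syscall except getppid(), then calls getppid(). The filter answers SECCOMP_RET_TRAP, the kernel delivers SIGSYS, and because the child installs no handler the default action terminates it, which the parent observes through waitpid(). The function name run_sandboxed_getppid() and the choice of getppid() as the forbidden syscall are assumptions for this example.

```c
/* Constructed example: observe seccomp turning a forbidden syscall into
 * a SIGSYS that terminates the offending process. */
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns the signal that killed the child (SIGSYS expected), 0 if the
 * child exited normally, or -1 if seccomp could not be installed here. */
int run_sandboxed_getppid(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct sock_filter filt[] = {
            /* load the syscall number from struct seccomp_data */
            BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
            /* if nr == __NR_getppid fall through to TRAP, else skip to ALLOW */
            BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        };
        /* A real filter also checks seccomp_data.arch first, because
         * syscall numbers differ between architectures and ABIs. */
        struct sock_fprog prog = {
            .len = sizeof filt / sizeof filt[0],
            .filter = filt,
        };
        /* Required for unprivileged processes: the filter must not be
         * usable to confuse a later setuid program. */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) _exit(3);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) _exit(3);
        getppid();   /* violates the filter: SIGSYS, default action kills us */
        _exit(0);    /* not reached when the filter is in effect */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    if (WIFEXITED(status) && WEXITSTATUS(status) == 3) return -1;
    return 0;
}
```

SECCOMP_RET_TRAP is chosen here so the rejection is visible as SIGSYS; a container runtime's default profile typically uses SECCOMP_RET_ERRNO (the syscall fails with an error code) or kills the process outright. The -1 return covers kernels or sandboxes where installing a filter is not permitted.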

Useful Language Points

  1. thwart: to obstruct or prevent