• Home

  • Technology

  • Playing in the sandbox - GStreamer security (GStreamer Conference 2012)
28
Playing in the sandbox Guillaume Emont - Igalia [email protected]

Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

  • Upload
    igalia

  • View
    250

  • Download
    2

Tags:

Embed Size (px)

Citation preview

Page 1: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Playing in the sandbox

Guillaume Emont - [email protected]

Page 2: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

I. What do we want to solve?

Page 3: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Internets = cute videos of [insert favourite animal]

Page 4: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Trustworthy?

Page 5: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Complex software written byhuman beings can have bugs.

Page 6: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)
Page 7: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)
Page 8: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Ophiocordyceps unilateralis

Page 9: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

The piece of software thathandles untrusted video:

• is not evil in itself

• should be considered evil when it starts to handle untrusted data

Page 10: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

1. Take resources2. Drop privileges3. Handle dodgy data

Page 11: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

II. Experimentations

Page 12: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

sandboxeddecodebin

Page 13: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)
Page 14: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

1. Take resources => ->READY2. Drop privileges3. Handle dodgy data => ->PAUSED->PLAYING

Page 15: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Issues:

• resources acquired when going to PAUSED • clean up

Page 16: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Potential solutions:

• finer grained sandbox • modify elements to acquire everything at ->READY? • add an all-resources-acquired signal? • have a controlling process do the clean up

Page 17: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Other big limitations:

• no upstream communication => no seeking • overhead: 720p ogg/theora on my i5: 20-30% -> 30-40% cpu

Page 18: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

III. Usable sandbox implementations on Linux

Page 19: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Setuid-sandbox (CLONE_NEWPID + separate uid/gid + chroot)

• prevents access to data outside of chroot • in kernel since 2.6.24 • ideally needs a pool of UIDs/GIDs • not very granular

Page 20: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Seccomp

• only read(), write(), exit(), sigreturn() • applied to a thread • in kernel since 2.6.10

Page 21: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Seccomp + BPF

• filters on syscalls and their arguments • libseccomp to make it easier • in kernel since 3.5

Page 22: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

SELinux

• by process • quite fine grained • rules set by administrator/distribution, developers • not standard

Page 23: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

IV. Going Forward

Page 24: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Better IPC: GstPadProxy, GstElementProxy & friends => control over a remote pipeline

Page 25: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Put the whole pipeline process in the sandbox => shouldn't be complicated with a granular sandbox

Page 26: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Architecture that is agnosticto the sandboxing system used

Page 27: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Performances: profile, optimise

Page 28: Playing in the sandbox - GStreamer security (GStreamer Conference 2012)

Thank You

[email protected]://guij.emont.org/blog/https://github.com/guijemont/Sandboxed-Player

Image Credits:Sandbox: Public Domain by Hyena http://en.wikipedia.org/wiki/File:Sandpit.jpgbeer: CC BY-NC-SA 2.0 Martin Ibert http://www.flickr.com/photos/mar_ibert/zombie ant: CC BY 2.5 http://en.wikipedia.org/wiki/File:Ophiocordyceps_unilateralis.pngbug: CC BY 2.0 by ThreeHeadedMonkey http://www.flickr.com/photos/threeheadedmonkey/3856171871/


Playing In The Reader X Sandbox - paper.bobylive.com · © 2011 IBM Corporation Playing In The Reader X Sandbox Paul Sabanal IBM X-Force Advanced Research sabanap[at]ph.ibm.com, polsab78[at]gmail.com

Playing In The Reader X Sandbox - paper.bobylive.com · © 2011 IBM Corporation Playing In The Reader X Sandbox Paul Sabanal IBM X-Force Advanced Research sabanap[at]ph.ibm.com, polsab78[at]gmail.com

Documents
Playing in the SharePoint SandBox

Playing in the SharePoint SandBox

Technology
GStreamer Past – Present - Future · GStreamer Past – Present - Future Wim Taymans (wim.taymans@gmail.com) 26 oct 2010 – GStreamer Conference Cambridge, UK

GStreamer Past – Present - Future · GStreamer Past – Present - Future Wim Taymans ([email protected]) 26 oct 2010 – GStreamer Conference Cambridge, UK

Documents
GStreamer and OpenMAX IL - Plug-and-Play · GStreamer and OpenMAX IL Plug-and-Play Felipe Contreras felipe.contreras@nokia.com April 17, 2008. GStreamer What is GStreamer? GStreamer

GStreamer and OpenMAX IL - Plug-and-Play · GStreamer and OpenMAX IL Plug-and-Play Felipe Contreras [email protected] April 17, 2008. GStreamer What is GStreamer? GStreamer

Documents
Playing Nice in the Sandbox of Life: Working on a Team

Playing Nice in the Sandbox of Life: Working on a Team

Documents
GStreamer - Part 3

GStreamer - Part 3

Documents
SandboxLIVE Maples PPT · Sandbox Social Media Sandbox Webinar Sandbox Resource Library Sandbox Exhibitor Academy Sandbox TV Sandbox LIVE. Sandbox Exchange. Sandbox Social Media

SandboxLIVE Maples PPT · Sandbox Social Media Sandbox Webinar Sandbox Resource Library Sandbox Exhibitor Academy Sandbox TV Sandbox LIVE. Sandbox Exchange. Sandbox Social Media

Documents
GStreamer VA-API. A year after (GStreamer Conferece 2016)

GStreamer VA-API. A year after (GStreamer Conferece 2016)

Technology
Playing in the Family Law Sandbox Together - ALRP

Playing in the Family Law Sandbox Together - ALRP

Documents
Playing Nice In The Sandbox (Project Phoenix)

Playing Nice In The Sandbox (Project Phoenix)

Business
Playing Well in the Sandbox

Playing Well in the Sandbox

Documents
WebKit and GStreamer (GStreamer Conference 2013)

WebKit and GStreamer (GStreamer Conference 2013)

Technology
Gstreamer Basics

Gstreamer Basics

Technology
Playing Well Together in the Sandbox: Collaborating to Build A Responsive Crisis System in Arizona

Playing Well Together in the Sandbox: Collaborating to Build A Responsive Crisis System in Arizona

Documents
CSL In Session - Playing Nice in the Sandbox of Life: Working on a Team

CSL In Session - Playing Nice in the Sandbox of Life: Working on a Team

Documents
PyGtk - Gst - GStreamer Tutoriallaszlopandy.com/blog_files/opportunistic-developer-gstreamer.pdf · Building GStreamer into your app Add support in for playing audio or video. (Not

PyGtk - Gst - GStreamer Tutoriallaszlopandy.com/blog_files/opportunistic-developer-gstreamer.pdf · Building GStreamer into your app Add support in for playing audio or video. (Not

Documents
Gstreamer Manual

Gstreamer Manual

Documents
Accelerated GStreamer User Guide · CUDA Video Post-Processing with Gstreamer-1.0 Video Rotation with Gstreamer-1.0 Video Composition with Gstreamer-1.0 Interpolation Methods for

Accelerated GStreamer User Guide · CUDA Video Post-Processing with Gstreamer-1.0 Video Rotation with Gstreamer-1.0 Video Composition with Gstreamer-1.0 Interpolation Methods for

Documents
Big data now playing ..... a t the sandbox

Big data now playing ..... a t the sandbox

Documents
PR and Influencer Marketing: Playing Nice in the Sandbox

PR and Influencer Marketing: Playing Nice in the Sandbox

Marketing
GStreamer Past – Present - Futurewtay/gstreamer-conf-2010.pdf · GStreamer Past – Present - Future Wim Taymans (wim.taymans@gmail.com) 26 oct 2010 – GStreamer Conference Cambridge,

GStreamer Past – Present - Futurewtay/gstreamer-conf-2010.pdf · GStreamer Past – Present - Future Wim Taymans ([email protected]) 26 oct 2010 – GStreamer Conference Cambridge,

Documents
Playing Nice in the Sandbox: Collaboration and Subsidized Early Care and Education Programs

Playing Nice in the Sandbox: Collaboration and Subsidized Early Care and Education Programs

Documents
GStreamer 101

GStreamer 101

Technology
GStreamer - Part 5

GStreamer - Part 5

Documents
Playing Nice in the Sandbox of Life: Working on a Team

Playing Nice in the Sandbox of Life: Working on a Team

Documents
Playing in the Same Sandbox: MySQL and Oracle

Playing in the Same Sandbox: MySQL and Oracle

Technology
Gstreamer Plugin Developpers

Gstreamer Plugin Developpers

Documents
9-2017 Playing Together in God's Sandboxtrinitylutheranparkland.org/.../07/9-2017-Playing-Together-in-Gods...From Pastor Rick Rick Swenson, Visitation Pastor Playing in God's sandbox

9-2017 Playing Together in God's Sandboxtrinitylutheranparkland.org/.../07/9-2017-Playing-Together-in-Gods...From Pastor Rick Rick Swenson, Visitation Pastor Playing in God's sandbox

Documents
GStreamer and SysLink (GStreamer Conference 2011)

GStreamer and SysLink (GStreamer Conference 2011)

Technology
Fisl13 gstreamer

Fisl13 gstreamer

Technology