Skip to main content

A eBPF runtime sandbox for python that prevents RCE.

Project description

secimport

Upload Python Package

A Tailor-Made Sandbox for Your Python Applications.
secimport is eBPF-based sandbox toolkit for Python, that enforces specific syscalls per module in yoyr code.

  1. It traces your python code
  2. It creates a security profile for your application
  3. Use the profile by applying it to running processes, or to run a new python process with supervision.

secimport for python is like seccomp-bpf for linux but per module in your code.

Table of Contents generated with DocToc

Background

Technical Blogs

The problem

Traditional tools like seccomp or AppArmor enforce syscalls for the entire process.
Something like allowed_syscalls=["read","openat","bind","write"], which is great, but not enough for python's attack surface.

How it works

  1. secimport is able to trace which syscalls each module in your code uses (by package name).
  2. After tracing, secimport creates a JSON/YAML policy for your code. It compiles it into a high-performance eBPF instrumentation script (smaller then 512 bytes overall), that looks like this.
    modules:
      requests:
        destructive: true     # when true, secimport will kill on vilation instead of logging.
        syscall_allowlist:
          - fchmod
          - getentropy
          - getpgrp
          - getrlimit
    ...
    
    You can also use JSON instaead of YAML, and even confine builtin python modules.
  3. Finally, you convert this policy into an sandbox (eBPF instrumentation script) to run the python process in production. Running the sandbox will enfore python to obey any given policy.

Who is it for?

secimport is great for...

  • Preventing Code Execution: reduce the risk of supply chain attacks.
    • Trace the syscalls flow of your application at the user-space/os/kernel level and per module.
    • Run your application while enforcing syscalls per module.
      • Upon violation of the policy, it can log, stop, or kill the process.
  • Protect yourself from RCE:
    • secimport makes 1day attacks less of an issue, because it prevents the code form running. If you are using a vulnerable package and someone exploited it, your policy will not allow this exploit's syscalls and it will be handled as you wish.
    • Avoid incidents like log4shell. A logging library requires very few syscalls, and it should never run command using fork, execve or spawn.
      • The syscalls that "fastapi", "numpy" or "requests" use are very different.
  • Load AI Models from Insecure Sources
    • Models from unsafe source (huggingface, torch hub, and pytorch pickled models) can be limited to run only a set of syscalls. RCE like 'import os;os.system(...)' somewhere deep in the code will be catched by secimport.
  • Minimal Performance Impact
    • Has negligible performance impact and is production-ready thanks to eBPF. Check out the Performance benchmarks.
  • Trace which syscalls are called by each module in your code.
    • secimport uses USDT (Userland Statically Defined Tracing) together with kernel probes in the runtime using eBPF or dtrace instrumentation scripts.

Getting Started

Example Sandboxes

The Sandbox Examples page contains basic and advanced real-world examples.

Using Docker

The quickest way to evaluate secimport is to use our Docker container, which includes bpftrace (ebpf) and other plug-and-play examples. For quicker evaluation, we recommend using the Secimport Docker Image instead of self-installing.

  • Build and run the Docker container with a custom kernel that matches your existing OS kernel version:
    cd docker/ && ./build.sh && ./run.sh
    
    A temporary container will be created, and you will be logged in as the root user.

Without Docker

Tested on Ubuntu, Debian, Rocky (Linux x86/AMD/ARM) and MacOS in (x86/M1). If you run on MacOS you will need to disable SIP for dtrace.

  1. Install python with USDT probes by configuring it with '--dtrace'
  2. Install one of the backends: eBPF or DTrace.
  3. Install secimport
  • Install from pypi
    • python3 -m pip install secimport
      
  • Install from source
    • git clone https://github.com/avilum/secimport.git && cd secimport
      python3 -m pip install poetry && python3 -m poetry install
      

Command Line Usage

To sandbox your program using the CLI, start a bpftrace program that logs all the syscalls for all the modules in your application into a file with the secimport trace command. Once you have covered the logic you would like to sandbox, hit CTRL+C or CTRL+D, or wait for the program to finish. Then, build a sandbox from the trace using the secimport build command, and run the sandbox with the secimport run command.

NAME
    secimport - is a comprehensive toolkit designed to enable the tracing, construction, and execution of secure Python runtimes. It leverages USDT probes and eBPF/DTrace technologies to enhance the overall security measures.

SYNOPSIS
    secimport COMMAND

DESCRIPTION
    https://github.com/avilum/secimport/wiki/Command-Line-Usage

    WORKFLOW:
            1. secimport trace / secimport shell
            2. secimport build
            3. secimport run

    QUICKSTART:
            $ secimport interactive

    EXAMPLES:
        1. trace:
            $  secimport trace
            $  secimport trace -h
            $  secimport trace_pid 123
            $  secimport trace_pid -h
        2. build:
            # secimport build
            $ secimport build -h
        3. run:
            $  secimport run
            $  secimport run --entrypoint my_custom_main.py
            $  secimport run --entrypoint my_custom_main.py --stop_on_violation=true
            $  secimport run --entrypoint my_custom_main.py --kill_on_violation=true
            $  secimport run --sandbox_executable /path/to/my_sandbox.bt --pid 2884
            $  secimport run --sandbox_executable /path/to/my_sandbox.bt --sandbox_logfile my_log.log
            $  secimport run -h

COMMANDS
    COMMAND is one of the following:

     build
       Compiles a trace log (trace.log). Creates the sandbox executable (instrumentation script) for each supported backend It uses `create_profile_from_trace ...` and `sandbox_from_profile`.

     compile_sandbox_from_profile
       Generates a tailor-made sandbox that will enforce a given yaml profile/policy in runtime.

     interactive

     run
       Run a python process inside the sandbox.

     shell
       Alternative syntax for secimport "trace".

     trace
       Traces a python process using an entrypoint or interactive interpreter. It might require sudo privilleges on some hosts.

     trace_pid
       Traces a running process by pid. It might require sudo privilleges on some hosts.

Stop on violation

root@1bc0531d91d0:/workspace# secimport run  --stop_on_violation=true
 >>> secimport run
[WARNING]: This sandbox will send SIGSTOP to the program upon violation.
 RUNNING SANDBOX... ['./sandbox.bt', '--unsafe', ' -c ', '/workspace/Python-3.11.8/python', 'STOP']
Attaching 4 probes...
Python 3.11.8 (default, Apr 28 2023, 11:32:40) [GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> os.system('ps')
[SECURITY PROFILE VIOLATED]: <stdin> called syscall 56 at depth 8022

^^^ STOPPING PROCESS 85918 DUE TO SYSCALL VIOLATION ^^^
		PROCESS 85918 STOPPED.

Kill on violation

root@ee4bc99bb011:/workspace# secimport run --kill_on_violation
 >>> secimport run
[WARNING]: This sandbox will send SIGKILL to the program upon violation.
 RUNNING SANDBOX... ['./sandbox.bt', '--unsafe', ' -c ', '/workspace/Python-3.11.8/python', 'KILL']
import os
oAttaching 4 probes...
sPython 3.11.8 (default, Apr 28 2023, 11:32:40) [GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> os.system('ps')
[SECURITY PROFILE VIOLATED]: <stdin> called syscall 56 at depth 8022

^^^ KILLING PROCESS 86466 DUE TO SYSCALL VIOLATION ^^^
		KILLED.
 SANDBOX EXITED;

Quickstart: trace, build, run.

root@1fa3d6f09989:/workspace# secimport interactive

Let's create our first tailor-made sandbox with secimport!
- A python shell will be opened
- The behavior will be recorded.

OK? (y): y
 >>> secimport trace

TRACING: ['/workspace/secimport/profiles/trace.bt', '-c', '/workspace/Python-3.11.8/python', '-o', 'trace.log']

                        Press CTRL+D to stop the trace;

Python 3.11.8 (default, Mar 19 2023, 08:34:46) [GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import this
>>>
 TRACING DONE;
 >>> secimport build

SECIMPORT COMPILING...

CREATED JSON TEMPLATE:  policy.json
CREATED YAML TEMPLATE:  policy.yaml
compiling template policy.yaml
DTRACE SANDBOX:  sandbox.d
BPFTRCE SANDBOX:  sandbox.bt

Now, let's run the sandbox!

- Run the same commands as before, they should run without any problem;.
- Do something new in the shell; e.g:   >>> __import__("os").system("ps")

        OK? (y): y
 >>> secimport run
 RUNNING SANDBOX... ['./sandbox.bt', '--unsafe', ' -c ', '/workspace/Python-3.11.8/python']
Attaching 5 probes...
REGISTERING SYSCALLS...
STARTED
Python 3.11.8 (default, Mar 19 2023, 08:34:46) [GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import this
>>> import os
[SECIMPORT VIOLATION]: <stdin> called syscall ioctl at depth 0
[SECIMPORT VIOLATION]: <stdin> called syscall ioctl at depth 0

For more detailed usage instructions, see the Command-Line Usage page.

Advanced

Python API

See the Python Imports example for more details.
You can use secimport directly from python, instead of the CLI.
you can replace import with secimport.secure_import for selected modules, and have them supervised in real time.

seccomp-bpf support using nsjail

Beside the sandbox that secimport builds,
The secimport build command creates an nsjail sandbox with seccomp profile for your traced code.
nsjail enables namespace sandboxing with seccomp on linux
secimport automatically generates seccomp profiles to use with nsjail as executable bash script. It can be used to limit the syscalls of the entire python process, as another layer of defence.

Changelog

See the Changelog for development progress and existing features.

Contributing

For information on how to contribute to secimport, see the Contributing guide.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

secimport-0.10.0.tar.gz (48.4 kB view details)

Uploaded Source

Built Distribution

secimport-0.10.0-py3-none-any.whl (59.0 kB view details)

Uploaded Python 3

File details

Details for the file secimport-0.10.0.tar.gz.

File metadata

  • Download URL: secimport-0.10.0.tar.gz
  • Upload date:
  • Size: 48.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.9.19

File hashes

Hashes for secimport-0.10.0.tar.gz
Algorithm Hash digest
SHA256 6748540c911beb4aed5bdc192ffa139c275507d0f526cf6a25ccfc4c2531a29c
MD5 bbf9b2076c40e49671e90371765ad5d3
BLAKE2b-256 b09c26bb30b0a77f74397397e667bf9fba8b0928207a2c0034c585e5c74a7b50

See more details on using hashes here.

File details

Details for the file secimport-0.10.0-py3-none-any.whl.

File metadata

  • Download URL: secimport-0.10.0-py3-none-any.whl
  • Upload date:
  • Size: 59.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.9.19

File hashes

Hashes for secimport-0.10.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1d590e483ce7ad3c4441c7ba3fc0e250ec773bab6f83429594706ea29c4803ee
MD5 0bdf0ea12738d325202ac8364bc2ad5c
BLAKE2b-256 beb6d0da1db619c240b3ee1b97f5a5229d557a614c641a74691cedea6c4bf3fc

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page