[Ilugc] Safe execution of binary programs
- From: siva@xxxxxxxxxxx (Sivasankar Chander)
- Date: Sun Jul 25 17:52:01 2004
Running it in VM is not appropriate and possible for my application.
But how could running chroot jail prevent calling system calls like
signal (by which the program can easily kill processes).
It won't, unless you have a modified libc. But you can prevent it from
having access to a lot of helper applications (including ps, network-
related stuff like ifconfig, nmap, and so on). Not a complete solution,
but useful in some situations.
Other related posts: