[Ilugc] Safe execution of binary programs
- From: sridharinfinity@xxxxxxxxx (Sridhar R)
- Date: Sun Jul 25 17:28:30 2004
Sivasankar Chander <siva@xxxxxxxxxxx> wrote:
Is there any way to execute programs (compiled from untrusted C/C++ Execute it in a chroot jail as an unprivileged (non-root) user. Better
source file) in safe way ?
* The program may use 'signal' system call to kill all other user
processes. This shoudn't be allowed
* The program shoudn't be allowed to use n/w
* Resources should be limited ('ulimit' comes here)
* .. anything I missed.
still, run it in a virtual machine like plex86/vmware with a minimal
Running it in VM is not appropriate and possible for my application.
But how could running chroot jail prevent calling system calls like
signal (by which the program can easily kill processes).
PS: Actually I am trying to write a (python) program that will execute
Sridhar - http://www.cs.annauniv.edu/~rsridhar
Other related posts: