[Ilugc] Safe execution of binary programs

• From: sridharinfinity@xxxxxxxxx (Sridhar R)
• Date: Sun Jul 25 17:28:30 2004

Sivasankar Chander <siva@xxxxxxxxxxx> wrote:

Is there any way to execute programs (compiled from untrusted C/C++
source file) in safe way ?

* The program may use 'signal' system call to kill all other user
processes. This shoudn't be allowed
* The program shoudn't be allowed to use n/w
* Resources should be limited ('ulimit' comes here)
* .. anything I missed.

  Execute it in a chroot jail as an unprivileged (non-root) user. Better
still, run it in a virtual machine like plex86/vmware with a minimal
userland.

  Running it in VM is not appropriate and possible for my application.
 But how could running chroot jail prevent calling system calls like
signal (by which the program can easily kill processes).

PS: Actually I am trying to write a (python) program that will execute
binaries safely.

-- 
Sridhar - http://www.cs.annauniv.edu/~rsridhar
Blog: http://www.livejournal.com/users/sridharinfinity

• Follow-Ups:
  • [Ilugc] Safe execution of binary programs
    • From: Sivasankar Chander

• References:
  • [Ilugc] Safe execution of binary programs
    • From: Sivasankar Chander

Other related posts:

• » [Ilugc] Safe execution of binary programs- Sridhar R
• » [Ilugc] Safe execution of binary programs- Sivasankar Chander
• » [Ilugc] Safe execution of binary programs - Sridhar R
• » [Ilugc] Safe execution of binary programs- Sivasankar Chander

1. Home
2. ilugc
3. Archive
4. 07-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---