c / c++ disable access to files

Question

Is it possible to disable access of some program to files completely? Because I don't want it to have any kind of access to files on system, is it possible to compile it so it doesn't have access to file stream or to run it someway it cant access files?

Answer 1

Under Windows, you can start the process under a restricted token

This requires more than just a basic knowledge of Windows API, but it's possible.

Answer 2

In Linux, you can change the owner of the process to nobody. This is no big security increase, as nobody still can access files etc. but it's better than running as a local user or root:

      struct passwd *pw = getpwnam("nobody");
      if (!pw)
         printf("Error: Unable to look up info about user nobody");
      else{
         setuid(pw->pw_uid);
         setgid(pw->pw_gid);
      }

Answer 3

In theory you can direct the linker not to link fopen and so on. You'll probably have to use static linkage.

---

But, often, when you come to a requirement like this you're approaching the problem from the wrong direction. What is it you are trying to achieve with this hack? Why do you want this?

Answer 4

In an unmanaged environment, code cannot tell itself not to do something it shouldn't. CAS is part of managed environments only, where the runtime provides an extra level of access control. It's up to the OS to prevent applications from doing things that the user they are running on behalf of cannot do. You should be able to run the application as if you were a different, more limited user; then, you could limit the user's access rights to the resource and the OS will prevent the code from accessing it.

Answer 5

The closest you'd be able to come to that is to run your program in a chroot jail.