Drew

Reputation: 13418

Lock down a program so it has no access to outside files, like a virus scanner does

I would like to launch an untrusted application programmatically, so I want to remove the program's ability to access files, network, etc. Essentially, I want to restrict it so its only interface to the rest of the computer is stdin and stdout.

Can I do that? Preferably in a cross-platform way but I sort of expect to have to do it differently for each OS. I'm using Python, but I'm willing to write this part in a lower level or more platform integrated language if necessary.

The reason I need to do this is to write a distributed computing infrastructure. It needs to download a program, execute it, pipe data to its stdin, and return the data it receives on stdout to the central server. But since the program it downloads is untrusted, I want to restrict it to only using stdin and stdout.

Upvotes: 0

Views: 197

Answers (3)

Arvid

Reputation: 11245

Yes, you can do this. You can run an inferior process through ptrace (essentially you act as a debugger) and hook its system calls to determine whether they should be allowed or not.

codepad.org does this for instance, see: about codepad. It uses the geordi supervisor to execute the untrusted code.

Upvotes: 2
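The ptrace approach described above, as an added example that is not part of the answer: the tracer stops the child at every syscall entry, checks the syscall number against an allowlist, and rewrites denied calls to an invalid number so they fail with ENOSYS instead of running. It assumes x86-64 Linux and a statically linked child (a dynamically linked one would also need the loader's openat/mmap/fstat calls allowed); syscall_allowed and run_supervised are names chosen here.

```c
/* Added example, not from the answer: a minimal ptrace syscall supervisor for
   x86-64 Linux, assuming a statically linked child program. */
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
/* Policy: stdin/stdout only, plus what a static libc needs to start up and
   allocate memory. open, socket, execve and everything else are denied. */
int syscall_allowed(long nr) {
    switch (nr) {
    case SYS_read: case SYS_write: case SYS_exit: case SYS_exit_group:
    case SYS_brk: case SYS_mmap: case SYS_munmap: case SYS_arch_prctl:
    case SYS_set_tid_address: case SYS_rt_sigaction: case SYS_rt_sigprocmask:
        return 1;
    default: return 0;
    }
}
/* Runs argv under supervision. Returns the child's exit status, or -1 if it
   could not be traced or died from a signal; *denied counts blocked calls. */
int run_supervised(char *const argv[], int *denied) {
    int status, entering = 1;
    *denied = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(127);
        execvp(argv[0], argv);  /* the child stops with SIGTRAP after exec */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0 || WIFSIGNALED(status)) return -1;
        if (WIFEXITED(status)) return WEXITSTATUS(status);
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;  /* signal, not syscall */
        if (entering) {  /* stops alternate between syscall entry and exit */
            struct user_regs_struct regs;
            ptrace(PTRACE_GETREGS, pid, NULL, &regs);
            if (!syscall_allowed((long)regs.orig_rax)) {
                regs.orig_rax = -1;  /* kernel skips it; rax becomes -ENOSYS */
                ptrace(PTRACE_SETREGS, pid, NULL, &regs);
                (*denied)++;
            }
        }
        entering = !entering;
    }
}
```

Returning ENOSYS rather than killing the child lets a well-written program handle the refusal instead of dying, which is the failure mode brc's answer warns about.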

msh

Reputation: 2770

You can run untrusted apps in chroot and block them from using the network with an iptables rule (for example, the owner --uid-owner match).

But really, a virtual machine is more reliable, and on modern hardware the performance impact is negligible.

Upvotes: 0

brc

Reputation: 5391

The short answer is no.

The long answer is not really. Consider a C program, in which the program opens a log file by grabbing the next available file descriptor. Your program, in order to stop this, would need to somehow monitor this, and block it. Depending on the robustness of the untrusted program, this could cause a fatal crash, or inhibit harmless functionality. There are many other similar issues to this one that make what you are trying to do hard.

I would recommend looking into sandboxing solutions already available. In particular, a virtual machine can be very useful for testing out untrusted code. If you can't find anything that meets your needs, your best bet is probably to deal with this at the kernel level, or with something a bit closer to the hardware such as C.

Upvotes: 4
