views: 71

answers: 4
Let's say I have a process "A" that loads a dynamic library "L".

Q: Is there a way to disable access to the "exec" functions to functions inside "L"?

A: 

There are possibly some tricks that you can do (for example, use the MMU to map the section of the C library that contains the exec() functions as non-executable) that might get the effect you want.

However - since the dynamic library is running within the same process space as you there is nothing that you can do that would permanently disable it for the library that the library couldn't undo.

Aaron
@Aaron: does that mean I could *rebind* some functions back to the original *libc* ?
jldupont
@jldupont - I'm not sure what you mean by that.
Aaron
+1  A: 

The dynamic library shares the same process space as the calling application, so it's definitely not easy (and I think not possible, without also denying it to your application). If you can wrap the library in a separate application, then AppArmor or SELinux may help, but in general: why are you loading an untrusted library into your application?

You may also find that looking into how Chromium deals with sandboxing is helpful.

Andrew Aylett
@axa: the very reason I was asking the question is related to my encounter with Chromium: extensions on Chrome do not have direct access to "exec" functions (or at least I haven't found a way).
jldupont
See http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox for design and http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/suid/ for code of Chromium's current sandbox. This may be replaced by a seccomp- or SELinux-based sandbox in the future.
ephemient
+1  A: 

If you're on Linux, you can do the following:

Implement your OWN version of exec() and system() that do what you want (or don't do), and either LD_PRELOAD it, or pass RTLD_DEEPBIND to dlopen()... This will cause the linker to prefer YOUR versions of these methods over the versions provided by libc.

dicroce
+1: very interesting... thanks!
jldupont
The library could use bare syscalls, bypassing your replacements, though.
ephemient
Very true... I'm not sure there is a way to make this foolproof... I supposed if you were willing to make kernel modifications...
dicroce
+2  A: 

Use AppArmor for this. It allows you to specifically reduce the operations an application can perform: which files it can read/write, what OS functions it can call, what network services it can use.

It's a bit hard to set up, but you can use a tool which records all the operations your app needs for a run. After a run, you can check the output, modify it a bit and then use it.

Aaron Digulla
+1: interesting... but I am more concerned about the library side.
jldupont