GCC how to block system calls within a program?

Question

Does anyone tell me how to block some specific system calls within a program, please? I am building a system which takes a piece of C source code, compiles it with gcc and runs it. For security reasons, I need to prevent the compiled program from calling some system calls. Is there any way to do it, from the source code level (e.g. stripping the header files of gcc, detecting malicious external calls, ...) to the executable level?

Edited #1: Add details about malicious calls.

Edited #2: My system is a GNU/Linux one.

Edited #3:

I have tried some methods within a few days and here are the conclusions I've got so far:

1. Scanning the source code does not solve the main problem since one can always obsfucate his/her C source file quite well.
2. "Overriding C symbol" works well for libraries, but for system calls I have not achieved what I wanted. This idea is not dead, however, doing this would definitely cause me a lot of time hacking (gcc and/or ld).
3. Permission deescalation works like a charm. I could use fakeroot or a "guest" user to do it. This method is also the easiest to implement.

The other one is native client which I have not tried yet but I definitely would in near future due to the common between the project and my work.

Answer 1

Just to illustrate that this is not possible, the following program:

int main() {
    return 0;
}

makes over 20 system calls as reported using strace. The calls include open (twice) which is one of the calls you seem to want to block.

Answer 2

You can't.

Even this program:

#include <stdio.h>

int main()
{
    printf("Hello, World\n");
    return 0;
}

makes at least one system call (to send the string "Hello, World\n" to standard out). System calls are the only way for a program to interact with the outside World. Use the operating system's security model for security.

Edited for this comment:

I meant not all system calls but malicious system calls, e.g. execv() could be used to execute a BASH script which wipes out my data on the disk.

Your operating system already includes mechanisms to stop that sort of thing happening. For instance, in order for a bash script to wipe out your data, the process must already have write access to that data. That means it must have been started by you or root. Your only real option is not to install untrustworthy software.

By the way, depending on your platform, execv is not necessarily a system call. On Linux, it's a C library wrapper for the real system call (execve).

Answer 3

Well, if you just want to block specific calls, why not just do a grep through the source code before attempting to compile it ? And reject programs which use the insecure system calls.

Answer 4

As others have noted, it's impossible for a program to avoid making system calls, they permate the C library all over the place.

However you might be able to make some headway with careful use of the LD_PRELOAD mechanism, if your platform supports it (e.g. Linux): you write a shared library with the same symbol names as those in the C library, which are called instead of the intended libc functions. (For example, Electric Fence is built as a shared library on Debian-based systems and intercepts calls to malloc, free et al.)

I suspect you could use this mechanism to trap or argument-check calls to any libc functions you don't like, and perhaps to note those which you consider unconditionally safe. It might then be reasonable to scan the compiled executable for the code corresponding to INT 80 to trap out any attempts to make raw syscalls (0xcd 0x80 - though beware of false positives). However I have only give this a few moments of thought, I could easily have missed something or this might turn out to be impractical...

Answer 5

Some project have similar idea you can take a look at nacl: http://code.google.com/p/nativeclient/