tags:

views:

78

answers:

3
+8  Q: 

What system calls to block/allow/inspect to create a program supervisor.

Hi, as per http://stackoverflow.com/questions/3642370/using-ptrace-to-write-a-program-supervisor-in-userspace, I'm attempting to create the program supervisor component of an online judge.

What system calls would I need to block totally, always allow or check the attributes of to:

  • Prevent forking or runing other commands
  • Restrict to standard 'safe' C and C++ libs
  • Prevent net access
  • Restrict access to all but 2 files 'in.txt' and 'out.txt'
  • Prevent access to any system functions or details.
  • Prevent the application from escaping its supervisor
  • Prevent anything nasty.

Thanks any help/advice/links much appreciated.

+2  A: 

From a security perspective, the best approach is to figure out what you need to permit rather than what you need to deny. I would recommend starting with a supervisor that just logs everything that a known-benign set of programs does, and then whitelist those syscalls and file accesses. As new programs run afoul of this very restrictive sandbox, you can then evaluate loosening restrictions on a case-by-case basis until you find the right profile.

This is essentially how application sandbox profiles are developed on Mac OS X.

Kaelin Colclasure  2010-09-21 11:08:43
A: 

If you only wants system calls to inspect another processus, you can use ptrace(), but ou will have no guaranties, like said in http://stackoverflow.com/questions/3642370/using-ptrace-to-write-a-program-supervisor-in-userspace.

You can use valgrind to inspect and hook functions calls, libraries, but it will be tedious and maybe blacklisting is not the good way to do that.

You can also use systrace, ( http://en.wikipedia.org/wiki/Systrace ) to write rules in order to authorize/block various things, like open only some files, etc... It is simple to use it to sandbox a processus.

Gabriel  2010-09-21 11:45:10
+1  A: 

Perhaps you can configure AppArmor to do what you want. From the FAQ:

AppArmor is the most effective and easy-to-use Linux application security system available on the market today. AppArmor is a security framework that proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good program behavior and preventing even unknown software flaws from being exploited. AppArmor security profiles completely define what system resources individual programs can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.

Emil  2010-09-21 19:47:54

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security