What system calls to block/allow/check to create a program supervisor

Posted 2024-09-17 18:10:54

As per Using ptrace to write a program supervisor in userspace, I'm attempting to create the program supervisor component of an online judge.

What system calls would I need to block totally, always allow or check the attributes of to:

  • Prevent forking or running other commands
  • Restrict to standard 'safe' C and C++ libs
  • Prevent net access
  • Restrict access to all but 2 files 'in.txt' and 'out.txt'
  • Prevent access to any system functions or details.
  • Prevent the application from escaping its supervisor
  • Prevent anything nasty.

Thanks any help/advice/links much appreciated.

Comments (3)

网白 2024-09-24 18:10:55

If you only want to inspect the system calls of another process, you can use ptrace(), but you will have no guarantees, as said in Using ptrace to write a program supervisor in userspace.

You can use valgrind to inspect and hook function calls and libraries, but it will be tedious, and maybe blacklisting is not a good way to do that.

You can also use systrace ( http://en.wikipedia.org/wiki/Systrace ) to write rules in order to authorize/block various things, like opening only some files, etc. It is simple to use it to sandbox a process.

一紙繁鸢 2024-09-24 18:10:54

From a security perspective, the best approach is to figure out what you need to permit rather than what you need to deny. I would recommend starting with a supervisor that just logs everything that a known-benign set of programs does, and then whitelist those syscalls and file accesses. As new programs run afoul of this very restrictive sandbox, you can then evaluate loosening restrictions on a case-by-case basis until you find the right profile.

This is essentially how application sandbox profiles are developed on Mac OS X.

丑疤怪 2024-09-24 18:10:54

Perhaps you can configure AppArmor to do what you want. From the FAQ:

AppArmor is the most effective and easy-to-use Linux application security system available on the market today. AppArmor is a security framework that proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good program behavior and preventing even unknown software flaws from being exploited. AppArmor security profiles completely define what system resources individual programs can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.
