Creating a bulletproof worker process (on Windows)

Posted 2024-10-03 19:20:17 · 412 characters · 0 views · 0 comments


I am writing a PDF viewer that uses various libraries written in C. This C code is potentially easy to exploit, and there are just too many lines to check. I will have to assume that this code may contain exploitable bugs.

The thing is that the C code is quite straightforward. A stream of bytes goes in at one end, and a bitmap (also a stream of bytes) comes out at the other.

Inspired by Google Chrome, I am thinking of creating a separate process that does the decoding and page rendering. Ideally this should be executed in a process that has absolutely no rights to do anything except reading the one input stream it has and outputting a stream of bytes (some uncompressed bitmap) at the other end.

What I think the process should not be able to do is:

  • any disk access
  • open sockets
  • limited amount of memory use
  • access shared memory with other processes
  • load other DLLs
  • ... anything else?

Is that possible? Is this described somewhere?


Comments (2)

也只是曾经 2024-10-10 19:20:17


If you have the source code, you may check that it doesn't do the described things.
Well, limiting available memory is a bit more difficult. You may, however, use SetProcessWorkingSetSize.

Also, after you've built the executable, you may check its DLL import table (with Dependency Walker) to ensure it doesn't access any file/socket function.
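The import-table check suggested in this answer, written out as an added example (not code from the answer's author): a small Python parser for the PE import directory, a watch-list of file, socket and DLL-loading imports, and a builder for a minimal PE32+ image so the check runs offline. The watch-list contents and the sample image are constructed for this example; the PE header offsets follow the PE/COFF layout (`e_lfanew` at 0x3C, data directories at +96 for PE32 and +112 for PE32+, import directory at index 1).

```python
import struct

# Constructed watch-list for this example: Win32 imports that give a worker process direct file, network or DLL-loading reach.
WATCHED_IMPORTS = {
    "kernel32.dll": {"CreateFileA", "CreateFileW", "DeleteFileW", "LoadLibraryA", "LoadLibraryW"},
    "ws2_32.dll": {"socket", "WSASocketW", "connect", "WSAStartup"},
}

def _rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")

def parse_imports(pe):
    """Return {dll_name: [function, ...]} read from a PE file's import directory."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x20B:    # PE32+: data directories at +112, 64-bit thunk entries
        dd_off, thunk_fmt, ord_flag = 112, "<Q", 1 << 63
    elif magic == 0x10B:  # PE32: data directories at +96, 32-bit thunk entries
        dd_off, thunk_fmt, ord_flag = 96, "<I", 1 << 31
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    import_rva = struct.unpack_from("<I", pe, opt + dd_off + 8)[0]  # directory entry 1
    sections = []
    for i in range(nsections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    imports = {}
    if import_rva == 0:   # image imports nothing
        return imports
    desc = _rva_to_offset(import_rva, sections)
    while True:           # IMAGE_IMPORT_DESCRIPTOR array ends with an all-zero entry
        ilt_rva, _, _, name_rva, iat_rva = struct.unpack_from("<IIIII", pe, desc)
        if ilt_rva == 0 and name_rva == 0 and iat_rva == 0:
            break
        dll = _cstring(pe, _rva_to_offset(name_rva, sections)).lower()
        thunk = _rva_to_offset(ilt_rva or iat_rva, sections)
        funcs = []
        while True:       # thunk array ends with a zero entry
            entry = struct.unpack_from(thunk_fmt, pe, thunk)[0]
            if entry == 0:
                break
            if entry & ord_flag:
                funcs.append(f"#{entry & 0xFFFF}")  # import by ordinal
            else:         # RVA of a 2-byte hint followed by the ASCIIZ name
                funcs.append(_cstring(pe, _rva_to_offset(entry, sections) + 2))
            thunk += struct.calcsize(thunk_fmt)
        imports[dll] = funcs
        desc += 20
    return imports

def find_watched_imports(pe):
    """Return sorted 'dll!function' strings for imports that are on the watch-list."""
    hits = []
    for dll, funcs in parse_imports(pe).items():
        watched = WATCHED_IMPORTS.get(dll, set())
        hits.extend(f"{dll}!{f}" for f in funcs if f in watched)
    return sorted(hits)

def build_sample_pe(imports):
    """Constructed minimal PE32+ image with one import section (parseable, not loadable)."""
    section_va, section_raw = 0x1000, 0x200
    desc_size = 20 * (len(imports) + 1)
    blob = bytearray()  # names, hint/name entries and thunk arrays, placed after the descriptors
    def add(b):
        rva = section_va + desc_size + len(blob)
        blob.extend(b)
        return rva

    descs = []
    for dll, funcs in imports.items():
        name_rva = add(dll.encode() + b"\0")
        hint_names = [add(struct.pack("<H", 0) + f.encode() + b"\0") for f in funcs]
        ilt = b"".join(struct.pack("<Q", r) for r in hint_names) + struct.pack("<Q", 0)
        descs.append(struct.pack("<IIIII", add(ilt), 0, 0, name_rva, add(ilt)))  # ILT, then IAT
    descs.append(b"\0" * 20)
    section = b"".join(descs) + bytes(blob)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)      # x64, 1 section
    opt = bytearray(240)                                               # PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)                               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 120, section_va, desc_size)           # import directory
    sect = b".idata\0\0" + struct.pack("<IIII", len(section), section_va, len(section), section_raw) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(section_raw, b"\0") + section
```

To run it on a real build, read the worker executable into `bytes` and pass it to `find_watched_imports`; `build_sample_pe({"kernel32.dll": ["ReadFile", "WriteFile", "CreateFileW"], "ws2_32.dll": ["socket"]})` gives a constructed image on which the check reports `kernel32.dll!CreateFileW` and `ws2_32.dll!socket` while leaving the pipe I/O functions alone. Keep in mind what a static scan covers: only load-time imports. Functions resolved at run time through GetProcAddress, or DLLs pulled in later, never appear in the import table, so this is a sanity check on the build rather than an enforcement boundary; the process's own privileges remain the real limit.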

你对谁都笑 2024-10-10 19:20:17


This isn't really possible. Ultimately any potential exploit code will be running with whatever privileges this process runs with. If you run it as a standard user then you will limit the damage that could be done, but your best bet is to just fix the code as much as possible.
