Re: Running Untrusted Code in a Restricted Process

From: Jeff Dike (jdike@karaya.com)
Date: Fri Jun 09 2000 - 23:51:03 EST

Next message: Jesse Pollard: "Re: Floppy handling"
Previous message: Ed Carp: "Re: Red Hat (was Re: reiserfs)"
In reply to: David A. Wagner: "Re: Running Untrusted Code in a Restricted Process"
Next in thread: Jeff Dike: "Re: Running Untrusted Code in a Restricted Process"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

daw@cs.berkeley.edu said:
> As others have noted, you can use ptrace() to selectively deny
> syscalls. See http://www.cs.berkeley.edu/~daw/janus/ for an
> implementation that used this idea in a more general context.

And see Pavel Machek's site (http://atrey.karlin.mff.cuni.cz/~pavel/dipl/eng.ht
ml) for how Janus (and any other ptrace syscall filterer) can be faked out.
Plus a bunch of other sandbox possibilities.

Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jesse Pollard: "Re: Floppy handling"
Previous message: Ed Carp: "Re: Red Hat (was Re: reiserfs)"
In reply to: David A. Wagner: "Re: Running Untrusted Code in a Restricted Process"
Next in thread: Jeff Dike: "Re: Running Untrusted Code in a Restricted Process"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Jun 15 2000 - 21:00:20 EST