>>>>> "earthman" == earthman <[EMAIL PROTECTED]> writes:
earthman> I want to create an on-line judge for ACM-like olympiads. So I
earthman> have to execute some code that comes in as source from
earthman> outside (www). Thus the security problem is my main problem.
earthman> The idea is to deny all syscalls for a specific process
earthman> p. This is possible even without rewriting the kernel, by a kernel
earthman> module.
earthman>
earthman> Now I'm thinking how to do this. Possibly it would be easy
earthman> to point p->sv_sysent to a structure that points
earthman> sv_prepsyscall to some function that denies some system
earthman> calls (kill the process, make some record in the module about the
earthman> restricted call). But I don't understand how to cancel the
earthman> syscall from within that function. Maybe it's possible to change
earthman> the code parameter to something else.

I don't know how secure this would be from random binary attacks, but I'd be very tempted to run the tests inside a vmware or bochs instance launched by a script. If I was making the decisions, I'd lean towards the bochs emulator ... as it's a complete virtual environment rather than vmware's magic mojo.

As you conjecture, a syscall-less or syscall-restricted environment *should* be safe ... if your syscall changes are bulletproof *_and_* the rest of the runtime environment is bulletproof. Isn't a syscall required to finish off exit()?

I would expect that bochs is scriptable.

Dave.

-- 
============================================================================
|David Gilbert, Independent Contractor.       | Two things can only be     |
|Mail:       [EMAIL PROTECTED]                | equal if and only if they  |
|http://daveg.ca                              | are precisely opposite.    |
=========================================================GLO================
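Dave's question about exit() is the crux of any "deny all syscalls" sandbox: the allow list can never be empty, so the filter must name the calls a submission is still permitted to make and kill the process on everything else. The following is an added example, not code from this thread, showing that allow-list idea with Linux seccomp-bpf (the readily runnable counterpart of the FreeBSD sv_prepsyscall hook discussed above); all function names are mine, the filter admits only exit_group, and the parent reports whether the untrusted child exited cleanly or was killed with SIGSYS for a forbidden call.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <signal.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Allow-list filter: exit_group passes, any other syscall kills the process
 * with SIGSYS. A production filter would also pin seccomp_data.arch. */
static int install_exit_only_filter(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    };
    struct sock_fprog prog = { .len = (unsigned short)(sizeof filter / sizeof filter[0]), .filter = filter };
    /* Unprivileged processes may only install a filter after no_new_privs. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Run `work` in a sandboxed child: 0 = exited cleanly, signal number if the
 * kernel killed it (SIGSYS means the filter fired), -1 = error. */
static int run_sandboxed(void (*work)(void))
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_exit_only_filter() != 0)
            _exit(111);
        work();
        _exit(0);  /* exit_group(): the one syscall still permitted */
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : (WEXITSTATUS(status) == 0 ? 0 : -1);
}

static void only_exits(void) { }
static void calls_getpid(void) { syscall(SYS_getpid); }  /* not on the allow list */
int exit_only_result(void)      { return run_sandboxed(only_exits); }   /* expect 0 */
int denied_syscall_result(void) { return run_sandboxed(calls_getpid); } /* expect SIGSYS */
```

Had exit_group been left off the list, even the well-behaved child would die with SIGSYS, which is exactly the point raised about exit() above.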