RE: Ke: Running Untrusted Code in a Restricted Process

From: pavel-velo@bug.ucw.cz
Date: Wed Jan 01 1997 - 23:05:05 EST


>> First, let me explain what I'm doing. I want to be able to run untrusted code
>> in a separate process. An example would be downloading a binary plugin. I
>> believe there is a way to create a Linux personality that restricts which
>> system calls a process is allowed to make. This actually sparked a debate with
>> an engineering friend of mine. He claims that there is probably a way to
>> execute a sequence of instructions that somehow leaves the processor in a bad
>> state. I disagree! If that were true, anyone could crash the linux (or any
>> x86 unix) kernel.

It actually is true for the Intel 80386, some K6s with the 2.0 kernel, some Cyrixes, ...
>>
>> Anyway here is the idea. I added a new task flag PF_RESTRICTED. This bit
>> is set by setting yourself to the PER_RESTRICTED personality like so:
>>
>> This idea is so simple that I'm surprised that I couldn't find any
>> implementations after searching the web for a day.
>
>This can already be done with the current ptrace functionality. Ptrace
>can intercept system calls made by the traced process (strace uses this)
>and can modify or deny them.

...and if you want a good implementation of this idea, take a look at subterfugue.org. It is all there. Denying a set of syscalls is pretty easy; subterfugue can do even much more complicated tricks. (Redirect all accesses to /etc into /fake_etc? No problem.)

Pavel
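As an added example (not code from this thread, and not subterfugue's code), here is the ptrace technique the quoted reply describes, reduced to its core: a tracer that stops the child at every syscall entry, checks the syscall number against a deny list, and rewrites denied calls so the kernel executes nothing and the child sees -EPERM. It assumes x86_64 Linux (the `orig_rax`/`rax` register names), a deny list constructed for the demo (mkdir/unlink and their `*at` variants), and a stand-in "plugin" that is just a forked child; the policy functions are portable and the register mapping is guarded.

```c
/* Added example, not from the thread: a minimal ptrace syscall denier.
 * The parent traces a child; at every syscall-entry stop it reads the syscall
 * number and, for numbers on a deny list, rewrites the call so the kernel runs
 * nothing and the child sees -EPERM. Register names assume x86_64 Linux. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>

/* Deny list (constructed for the demo). A real filter must cover the *at
 * variants too, since modern libc routes mkdir()/unlink() through them. */
static const long DENIED_SYSCALLS[] = {
#if defined(SYS_mkdir) && defined(SYS_unlink)
    SYS_mkdir, SYS_unlink,
#endif
    SYS_mkdirat, SYS_unlinkat };

/* Pure policy: 1 if the syscall number is on the deny list. */
int syscall_denied(long nr) {
    for (size_t i = 0; i < sizeof DENIED_SYSCALLS / sizeof *DENIED_SYSCALLS; i++)
        if (DENIED_SYSCALLS[i] == nr) return 1;
    return 0;
}

/* Architecture-neutral view of the two registers the filter touches. */
struct syscall_regs { long nr; long ret; };

/* At syscall entry: replace a denied number with -1 so the kernel runs no
 * syscall at all (it yields -ENOSYS). Returns 1 when the call was rewritten. */
int filter_on_entry(struct syscall_regs *r) {
    if (!syscall_denied(r->nr)) return 0;
    r->nr = -1;
    return 1;
}

/* At the matching syscall exit: replace the kernel's -ENOSYS with -EPERM so the
 * untrusted code gets a meaningful error instead of "no such syscall". */
void filter_on_exit(struct syscall_regs *r) { r->ret = -EPERM; }

/* Stand-in for the untrusted plugin (constructed): one allowed, one denied call. */
void run_untrusted(void) {
    if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) _exit(127);
    raise(SIGSTOP);                      /* let the tracer set options first */
    getpid();                            /* allowed */
    int r = mkdir("/tmp/ptrace_demo_dir", 0700);   /* should fail with EPERM */
    _exit(r == -1 && errno == EPERM ? 0 : 1);
}

#if defined(__x86_64__)
/* Trace `child` until it exits. Returns the number of denied syscalls, -1 on error. */
static int trace_child(pid_t child) {
    int status, denied = 0, in_syscall = 0, pending_deny = 0, sig = 0;
    if (waitpid(child, &status, 0) < 0) return -1;              /* the SIGSTOP */
    ptrace(PTRACE_SETOPTIONS, child, 0, (void *)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, child, 0, (void *)(long)sig) < 0) return -1;
        if (waitpid(child, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) return denied;
        sig = 0;
        /* Not a syscall stop: deliver the signal to the child and carry on. */
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) { sig = WSTOPSIG(status); continue; }
        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, child, 0, &regs) < 0) return -1;
        struct syscall_regs v = { (long)regs.orig_rax, (long)regs.rax };
        if (!in_syscall) {                                      /* entry stop */
            in_syscall = 1;
            if (filter_on_entry(&v)) {
                regs.orig_rax = (unsigned long long)v.nr;
                ptrace(PTRACE_SETREGS, child, 0, &regs);
                pending_deny = 1; denied++;
            }
        } else {                                                /* exit stop */
            in_syscall = 0;
            if (pending_deny) {
                filter_on_exit(&v);
                regs.rax = (unsigned long long)v.ret;
                ptrace(PTRACE_SETREGS, child, 0, &regs);
                pending_deny = 0;
            }
        }
    }
}
#endif

/* Fork the untrusted code and trace it; -1 where no register mapping exists. */
int run_demo(void) {
#if defined(__x86_64__)
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) run_untrusted();     /* never returns */
    return trace_child(child);
#else
    return -1;
#endif
}

int main(void) {
    int denied = run_demo();
    printf("denied syscalls: %d\n", denied);
    return denied < 0;
}
```

Two points a practitioner should take from the code: the tracer must keep entry/exit parity itself (PTRACE_SYSCALL stops twice per call, and PTRACE_O_TRACESYSGOOD is what lets you tell those stops from ordinary signal stops), and denying is done by changing the syscall number at entry rather than by skipping the stop, since the kernel selects the syscall from `orig_rax` after the tracer resumes it. Real tools such as the one Pavel mentions additionally rewrite arguments (paths, fds) at entry, which is where the /etc-to-/fake_etc trick comes from.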

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Jun 15 2000 - 21:00:25 EST