On Thu, 16 Oct 2003 18:28:15 -0400
David Gilbert [EMAIL PROTECTED] wrote:
As you conjecture, a syscall-less or syscall-restricted environment
*should* be safe ... if your syscall changes are bulletproof *_and_*
the rest of the runtime environment is bulletproof.
Good system call policies are a
Samy == Samy Al Bahra [EMAIL PROTECTED] writes:
Samy On Thu, 16 Oct 2003 18:28:15 -0400 David Gilbert
Samy [EMAIL PROTECTED] wrote:
As you conjecture, a syscall-less or syscall-restricted environment
*should* be safe ... if your syscall changes are bulletproof
*_and_* the rest of the runtime
earthman == earthman [EMAIL PROTECTED] writes:
earthman I want to create on-line judge for acm like olympiads. So I
earthman have to execute some code that came in source from
earthman outside(www). Thus security problem is my main problem.
earthman The idea is to deny all syscalls for
On Thu, Oct 09, 2003 at 07:46:45AM +0300, earthman wrote:
+ The idea is to deny all syscalls for specific
+ process p. This is possible even without rewriting
+ kernel by kernel module.
+
+ Now I'm thinking how to do this.
+ Possibly it would be easy to point p-sv_sysent
+ to the structure that
On Thu, 9 Oct 2003 07:46:45 +0300
earthman [EMAIL PROTECTED] wrote:
Now I'm thinking how to do this.
Possibly it would be easy to point p-sv_sysent
to the structure that points sv_prepsyscall
to some function that denies some system calls.
(kill process, make some record in module about
PJD You may just try CerbNG:
PJD http://cerber.sourceforge.net
PJD It was presented on WIP session at BSDCon03, slides are here:
PJD http://garage.freebsd.pl/CerbNG.pdf
PJD 1.0-RC3 will be available in the near future.
Before I wanted to create some cerber based solution
but I think
I want to create on-line judge for acm like
olympiads. So I have to execute some code
that came in source from outside(www).
Thus security problem is my main problem.
The idea is to deny all syscalls for specific
process p. This is possible even without rewriting
kernel by kernel module.
Now
On Thu, 9 Oct 2003, 07:46+0300, earthman wrote:
I want to create on-line judge for acm like
olympiads. So I have to execute some code
that came in source from outside(www).
Thus security problem is my main problem.
The idea is to deny all syscalls for specific
process p. This is possible