Re: Running Untrusted Code in a Restricted Process

Jeff Dike (jdike@karaya.com)
Fri, 09 Jun 2000 17:43:22 -0500


> What I'm talking about is providing finer granularity for what system
> calls a process can make. A process that can't make system calls
> cannot delete files, make network connections, or make DoS attacks on
> RAM, CPU, or other system resources. Every action is monitored by the
> host process, which is trusted code.

In order to implement all this stuff, you need all kinds of new cruft in the
kernel, and some in the system call path.

A better way to do this (IMHO) is with a dedicated sandbox arrangement. My
user-mode port of the kernel (http://user-mode-linux.sourceforge.net) is one.
It gives you a virtual machine whose disk space consumption, CPU consumption,
memory consumption, and network traffic can be completely controlled.

Plus, it's all in user-space. Nothing needs to be added to the kernel at all.

Jeff
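The per-syscall restriction the quoted message asks for did not exist in mainline Linux in 2000, but it does today as seccomp-bpf, which needs no new kernel code from the sandbox author. The program below is an added example and is not code from Jeff's message or from User-Mode Linux: it forks a child, installs a BPF filter in the child that makes unlinkat(2) and socket(2) fail with EPERM while every other syscall passes, and has the child report whether those calls were actually refused. The path name, the result codes and the function names are constructed for the example; the filter layout follows the documented seccomp_data/sock_fprog interface.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* The filter checks the ABI first; syscall numbers differ between architectures. */
#if defined(__x86_64__)
#define EXAMPLE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define EXAMPLE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define EXAMPLE_AUDIT_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

#define MAX_DENIED 16
#define PROBE_UNSUPPORTED 100   /* constructed code: kernel refused the filter */

/* Constructed path that does not exist, so an unfiltered unlinkat gives ENOENT. */
static const char *EXAMPLE_PATH = "/nonexistent-example-path-for-seccomp-demo";

/* Install a seccomp-bpf filter that fails the listed syscalls with EPERM and
 * allows everything else. Returns 0 on success, -1 if the kernel refused. */
static int install_deny_filter(const int *denied, size_t n)
{
    if (n > MAX_DENIED) { errno = EINVAL; return -1; }
    struct sock_filter prog[6 + MAX_DENIED];
    size_t i = 0;
    /* 0-2: kill the process if it is running under a foreign ABI */
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, EXAMPLE_AUDIT_ARCH, 1, 0);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    /* 3: load the syscall number */
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    /* 4..3+n: a match jumps over the remaining tests and the ALLOW to the EPERM return */
    for (size_t k = 0; k < n; k++)
        prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                 (unsigned)denied[k], (unsigned char)(n - k), 0);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM);

    struct sock_fprog fprog = { .len = (unsigned short)i, .filter = prog };
    /* an unprivileged process must give up privilege escalation before filtering */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) == 0 ? 0 : -1;
}

/* Run the probe in a forked child so the caller stays unrestricted.
 * Returns a bitmask: bit 0 = unlinkat refused with EPERM, bit 1 = socket refused
 * with EPERM; PROBE_UNSUPPORTED if the filter could not be installed; -1 on error. */
int probe_restricted_child(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        const int denied[] = { SYS_unlinkat, SYS_socket };
        if (install_deny_filter(denied, 2) != 0) _exit(PROBE_UNSUPPORTED);
        int mask = 0;
        if (unlinkat(AT_FDCWD, EXAMPLE_PATH, 0) == -1 && errno == EPERM) mask |= 1;
        int fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd == -1 && errno == EPERM) mask |= 2;
        if (fd >= 0) close(fd);
        _exit(mask);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Same call without a filter: the missing file is reported as ENOENT, not EPERM. */
int probe_unrestricted(void)
{
    int r = unlinkat(AT_FDCWD, EXAMPLE_PATH, 0);
    return (r == -1 && errno == ENOENT) ? 1 : 0;
}

int main(void)
{
    printf("unfiltered unlinkat on a missing path gives ENOENT: %s\n",
           probe_unrestricted() ? "yes" : "no");
    int r = probe_restricted_child();
    if (r == PROBE_UNSUPPORTED) puts("seccomp filter could not be installed here");
    else if (r < 0) puts("fork/wait failed");
    else printf("filtered child: unlinkat blocked=%d, socket blocked=%d\n", r & 1, (r >> 1) & 1);
    return 0;
}
```

The filter denies two syscalls only so the effect is observable in one run; a real sandbox does the opposite and allows a short list, because a denylist misses the alternate paths to the same effect (rename, truncate, or a different socket family). Note also what the filter does not give you: the CPU, memory and disk accounting Jeff points to comes from the virtual machine boundary in UML, not from syscall filtering, which is the trade-off the two messages are arguing about.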

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/