Re: Running Untrusted Code in a Restricted Process

Jeff Dike (jdike@karaya.com)
Fri, 09 Jun 2000 23:51:03 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jesse Pollard: "Re: Floppy handling"
Previous message: H. Peter Anvin: "Re: Floppy handling"

daw@cs.berkeley.edu said:
> As others have noted, you can use ptrace() to selectively deny
> syscalls. See http://www.cs.berkeley.edu/~daw/janus/ for an
> implementation that used this idea in a more general context.

And see Pavel Machek's site (http://atrey.karlin.mff.cuni.cz/~pavel/dipl/eng.ht
ml) for how Janus (and any other ptrace syscall filterer) can be faked out.
Plus a bunch of other sandbox possibilities.

Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jesse Pollard: "Re: Floppy handling"
Previous message: H. Peter Anvin: "Re: Floppy handling"