help-octave

Re: Disabling dangerous commands


From: Thomas Karpiniec
Subject: Re: Disabling dangerous commands
Date: Thu, 3 Jun 2010 11:17:25 +1000
User-agent: Mutt/1.5.18 (2008-05-17)

Hi all,

Sorry for the delay in responding -- I've been trying out your various
ideas. I think I now have everything I need to solve this problem.

Basic restrictions:

- Commands can be disabled by setting up dummy .m files to obscure
  built-ins and by also disabling commands which manipulate the path.

- PS1 and PS2 could be customised to contain a random token at
  startup, then those commands disabled before IRC users get to use
  it. This allows the controlling process to see if a command has been
  running for too long or has opened up a subprompt.

- Run octave with a uid so it doesn't have permission to read/write
  things it shouldn't. A chroot minimises the amount of stuff which
  could be affected.

More advanced protection:

- ptrace(2) can be used to prevent use of fork() -- octave seems to
  cope fine when a fork fails this way. This can be expanded to
  prevent use of unlink(2), or anything else deemed unnecessary. It's
  OS- and architecture-specific, of course.

- A virtual machine. :) Yes, this pretty much contains any worst-case
  scenario.

Many thanks to you all! I can go ahead and finish it now.

Tom

Attachment: signature.asc
Description: Digital signature
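The prompt-token idea from the message above, sketched as an added example that is not code from the original post or from Octave. It assumes a POSIX system, and the names `FAKE_REPL`, `start_repl`, `read_until` and `submit` are hypothetical; a small constructed stand-in child takes the place of the real interpreter so the controller logic runs offline.

```python
import os, secrets, select, subprocess, sys, time

# Constructed stand-in for the interpreter (assumption: not Octave itself).
# Prints PS1 after a finished command, PS2 after an unterminated "if",
# and hangs on "spin" to mimic a command that never returns.
FAKE_REPL = r'''
import sys, time
ps1, ps2 = sys.argv[1], sys.argv[2]
sys.stdout.write(ps1); sys.stdout.flush()
for line in sys.stdin:
    cmd = line.strip()
    if cmd == "spin":
        time.sleep(60)
    elif cmd.startswith("if"):
        sys.stdout.write(ps2)
    else:
        sys.stdout.write("ans = " + cmd + "\n" + ps1)
    sys.stdout.flush()
'''

def read_until(proc, ps1, ps2, timeout):
    """Return (state, output): done, subprompt, timeout or exited."""
    buf, deadline = b"", time.monotonic() + timeout
    while True:
        left = deadline - time.monotonic()
        if left <= 0 or not select.select([proc.stdout], [], [], left)[0]:
            return "timeout", buf.decode()      # no prompt token in time
        chunk = os.read(proc.stdout.fileno(), 4096)
        if not chunk:
            return "exited", buf.decode()       # child closed its stdout
        buf += chunk
        if buf.endswith(ps1.encode()):          # main prompt: command finished
            return "done", buf[:-len(ps1)].decode()
        if buf.endswith(ps2.encode()):          # continuation prompt opened
            return "subprompt", buf[:-len(ps2)].decode()

def start_repl():
    """Launch the child with fresh random tokens embedded in both prompts."""
    ps1 = "<%s>ready> " % secrets.token_hex(8)
    ps2 = "<%s>more> " % secrets.token_hex(8)
    proc = subprocess.Popen([sys.executable, "-u", "-c", FAKE_REPL, ps1, ps2],
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    read_until(proc, ps1, ps2, 5.0)             # swallow the first prompt
    return proc, ps1, ps2

def submit(proc, ps1, ps2, line, timeout=2.0):
    """Send one line of user input and classify what the child did with it."""
    proc.stdin.write(line.encode() + b"\n")
    proc.stdin.flush()
    return read_until(proc, ps1, ps2, timeout)
```

On a `timeout` or `subprompt` result the controlling process would kill the child and start a fresh one with new tokens rather than forward further input to it.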

