LinuxQuestions.org > Forums > Linux - Security
03-27-2006, 05:01 PM   #1   cep21 (LQ Newbie)
Running untrusted code

I need to run an untrusted program that may be attempting to crash my system or use it for malicious purposes. I have to pipe input into standard in for the program and read any standard out that it sends. What I can think of is that I need to prevent the program from creating any files, reading any files but a few necessary ones, opening any network connections, or hanging the system itself. I also need to batch run a series of these programs. I've looked into a few sandbox options but they're all 'alpha' or unsupported. I've also thought about running the code inside a virtual machine, but I would need a quick way to batch run a series of these programs and I don't know how to do that with a virtual machine without one program affecting the running of the next.

Anyone got any suggestions? Anyone done something like this before?

Thanks in advance.
 
03-27-2006, 08:02 PM   #2   unSpawn (Moderator)
Quote:
Originally Posted by cep21
I need to run an untrusted program that may be attempting to crash my system
Interesting. Any details?

Quote:
Originally Posted by cep21
I've looked into a few sandbox options but they're all 'alpha' or unsupported.
Which ones?

Quote:
Originally Posted by cep21
I would need a quick way to batch run a series of these programs
So that kinda boils down to security vs speed.
Which one are you willing to sacrifice?..

Quote:
Originally Posted by cep21
Anyone got any suggestions?
Load a LiveCD on a spare box.
 
03-27-2006, 08:22 PM   #3   cep21 (original poster)
Quote:
Originally Posted by unSpawn
I need to run an untrusted program that may be attempting to crash my system
Interesting. Any details?
A web page (the server) will accept unknown C++ source code uploaded by untrusted users, compiling the code, evaluating the result, and sending a status report back to the user.


Quote:
Originally Posted by unSpawn
I've looked into a few sandbox options but they're all 'alpha' or unsupported.
Which ones?
http://sandbox.sourceforge.net/

http://www.ussg.iu.edu/hypermail/lin...06.1/0373.html
That thread pointed me to ptrace, but I was hoping for something more wrapped up and ready to go. I don't trust myself to think of all the hooks needed to check for. My area of programming is more in Java than C.

I also found
http://user-mode-linux.sourceforge.net/

I could use UML or even qemu to run the code and figure out some hack to get input back and forth, but I would have to restore the VM's state after each run and I'm afraid that may take too much time.

Quote:
Originally Posted by unSpawn
I would need a quick way to batch run a series of these programs
So that kinda boils down to security vs speed.
Which one are you willing to sacrifice?..
It doesn't have to run that fast. I even want to time out the process after a few seconds (10-15). I would accept up to a minute of down time between runs. Maybe two. Anything more than that is pushing it.


Quote:
Originally Posted by unSpawn
Anyone got any suggestions?
Load a LiveCD on a spare box.
I need to automate the process. Users are uploading the code from a web page.

I actually have a working model in Java, but it uses Java's built in sandbox. I'm hoping to expand to c++.
 
03-28-2006, 04:45 AM   #4   Crito (Senior Member)
Question sounds like the answer to "what is it good for" from the SELinux FAQ. Personally, it's the first thing I disable on a new installation (some might even say SELinux itself comes from an untrustworthy source) but for the .0001% of users with your specific needs I suppose it might be useful. I'd rather drill my own teeth than have to configure it, but to each their own (inelegant kludge of a solution.)

http://www.nsa.gov/selinux/info/faq.cfm
 
03-28-2006, 04:02 PM   #5   unSpawn (Moderator)
Quote:
Originally Posted by cep21
A web page (the server) will accept unknown C++ source code uploaded by untrusted users, compiling the code, evaluating the result, and sending a status report back to the user.
OK. So basically you're saying "fsck up my box". Cool. Still, if you don't know what to expect I definitely would run the whole build and test sequence on a separate box in some form of virtualisation cage. If you really can not afford to have a separate box, running the whole virtualisation process on the webserver itself heightens risks, so you'll have to look at how you can balance it. Anything that can ease the trade-off, like possible restrictions you can place on uploaded code in any way, will help. Wrt the virtualisation itself you'll want to use a strictly separated environment with a separate (possibly hardened and modified) kernel and a minimum of libs/apps and no network access except for exchanging code and reports with the (definitely hardened) host system. I would strongly advise against you running code in the same kernel you run the host OS in. However hardened your system is, that's asking for problems. A userland environment like for instance Qemu offers should be more suited for the task.

Quote:
Originally Posted by cep21
I could use UML or even qemu to run the code and figure out some hack to get input back and forth, but I would have to restore the VM's state after each run and I'm afraid that may take too much time. It doesn't have to run that fast. I even want to time out the process after a few seconds (10-15). I would accept up to a minute of down time between runs. Maybe two. Anything more than that is pushing it. I need to automate the process. Users are uploading the code from a web page.
Qemu allows you to restore snapshots and VM states. Add a custom image (smaller memory footprint) and possibly you can run say three slots for which you can queue code.
 
03-29-2006, 09:04 AM   #6   sundialsvcs (Guru)
The problem with this scenario is that you just can't tell what a program might try to do .. even if it is functioning correctly.

A simpler, more innocuous example of the same problem is, "test this program to see if it will segfault."

So, what you have to do is to limit what it is allowed to do, by means of "hardening" and the intelligent use of non-root userids.
 
03-29-2006, 09:08 AM   #7   unSpawn (Moderator)
Quote:
Originally Posted by sundialsvcs
The problem with this scenario is that you just can't tell what a program might try to do
Which scenario?
 
03-29-2006, 09:18 AM   #8   rickh (Senior Member)
Quote:
I've looked into a few sandbox options but they're all 'alpha' or unsupported. I've also thought about running the code inside a virtual machine, but I would need a quick way to batch run a series of these programs and I don't know how to do that with a virtual machine without one program affecting the running of the next.
You might look into 'pbuilder'. Martin Krafft goes into it in great detail in his book, The Debian System, but I haven't gotten that far. I have encountered a few references to it, and it seems to be a way to build a virtual sandbox, cleaning up after itself after a program is executed.

 
03-29-2006, 11:30 AM   #9   cep21 (original poster)
Quote:
The problem with this scenario is that you just can't tell what a program might try to do .. even if it is functioning correctly.
I understand you there. The programs I'm running should be simple and nice, so if they do anything really deep into the kernel or something strange, they're probably not doing what I want and should just stop.

Quote:
You might look into 'pbuilder'.
Pbuilder looks like a chroot environment. As I understand it, chroot sets up another / inside a directory. With this, will I be able to prevent hardware access or network access, as well as limit file write size?

 
03-29-2006, 12:33 PM   #10   rickh (Senior Member)
Quote:
With this, will I be able to prevent hardware access or network access, as well as limit file write size?
I don't know. Like I said, I haven't gotten that far in the book. But, as I understand what you want to do, there is not going to be a quick and easy solution. I assume you saw the pbuilder manual,
http://www.netfort.gr.jp/~dancer/sof...ilder-doc.html
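The question left open in post #9 (can a jail stop network access and cap file writes?) and the advice in post #6 (limits plus non-root uids) both map onto concrete kernel mechanisms. What follows is an added example written for this page, not code from the thread, from pbuilder or from any of the posters: a C runner that takes one compiled submission, pipes input to its stdin, captures its stdout, drops to an unprivileged uid when started as root, tries to put it in an empty network namespace, caps CPU time, address space, regular-file writes and process count with setrlimit(), and SIGKILLs it at a wall-clock deadline. Assumptions: Linux with glibc; uid/gid 65534 is the unprivileged "nobody" account; the caller compiles the submission separately and passes its path. Namespaces postdate this 2006 thread and unshare() needs CAP_SYS_ADMIN (or a user namespace, which some kernels and container runtimes forbid), so that step is best effort and only reported. Rlimits and a uid do not stop the program reading world-readable files; for that you still need a chroot jail with only the needed libraries, or the separate VM unSpawn recommends.

```c
/* Added example, not code from the thread: run one untrusted program under a non-root
 * uid, a best-effort network namespace, rlimits and a wall-clock deadline, with pipes. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <poll.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#define CLONE_NEWUSER 0x10000000 /* glibc's own values, repeated so they exist even */
#define CLONE_NEWNET  0x40000000 /* when _GNU_SOURCE was not set before <sched.h> */
int unshare(int flags);
#define OUTPUT_CAP 4096
#define UNPRIV_UID 65534 /* assumption: "nobody"/"nogroup" on most distributions */

struct run_result {
    int exited;      /* 1 if the program exited normally */
    int exit_code;   /* exit status when exited == 1 (127 means exec failed) */
    int term_signal; /* signal that terminated it, 0 otherwise */
    int timed_out;   /* 1 if we sent SIGKILL at the wall-clock deadline */
    size_t output_len;
    char output[OUTPUT_CAP + 1]; /* captured stdout, truncated, NUL-terminated */
};

static void set_limit(int resource, rlim_t soft, rlim_t hard) {
    struct rlimit rl = { soft, hard };
    if (setrlimit(resource, &rl) != 0) _exit(126);
}

static long long now_ms(void) {
    struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000LL + ts.tv_nsec / 1000000;
}

/* Child side: confine the process, then replace it with the untrusted program. */
static void confine_and_exec(char *const argv[], int cpu_seconds) {
    /* A new network namespace holds only a down loopback. Root needs CLONE_NEWNET alone;
     * others also need a user namespace, which some kernels and container runtimes
     * forbid, so a failure here is reported rather than fatal. */
    int flags = geteuid() == 0 ? CLONE_NEWNET : (CLONE_NEWUSER | CLONE_NEWNET);
    if (unshare(flags) != 0)
        fprintf(stderr, "sandbox: no network namespace (%s)\n", strerror(errno));
    /* Never run the submission as root (a chroot() into a prepared jail would go here). */
    if (geteuid() == 0 &&
        (setgroups(0, NULL) != 0 || setgid(UNPRIV_UID) != 0 || setuid(UNPRIV_UID) != 0))
        _exit(126);
    if (chdir("/") != 0) _exit(126);
    set_limit(RLIMIT_CPU, cpu_seconds, cpu_seconds + 1); /* SIGXCPU at soft, SIGKILL at hard */
    set_limit(RLIMIT_FSIZE, 0, 0);                       /* any regular-file write: SIGXFSZ */
    set_limit(RLIMIT_CORE, 0, 0);                        /* no core dumps */
    set_limit(RLIMIT_AS, 256UL << 20, 256UL << 20);      /* 256 MiB of address space */
    set_limit(RLIMIT_NPROC, 1, 1);                       /* fork() fails: no fork bombs */
    execv(argv[0], argv);
    _exit(127);
}

/* Parent side: feed input, collect stdout until EOF or the deadline, then reap. */
int run_sandboxed(char *const argv[], const char *input, size_t input_len,
                  int cpu_seconds, int wall_ms, struct run_result *res) {
    int in[2], out[2], status;
    memset(res, 0, sizeof *res);
    if (pipe(in) != 0 || pipe(out) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(in[0], STDIN_FILENO); dup2(out[1], STDOUT_FILENO);
        close(in[0]); close(in[1]); close(out[0]); close(out[1]);
        confine_and_exec(argv, cpu_seconds);
    }
    close(in[0]); close(out[1]);
    signal(SIGPIPE, SIG_IGN); /* parent only: a program that quits early must not kill us */
    /* Written up front: fine while it fits the pipe buffer, else multiplex it into the poll() loop. */
    for (size_t off = 0; off < input_len; ) {
        ssize_t n = write(in[1], input + off, input_len - off);
        if (n < 0) { if (errno == EINTR) continue; break; }
        off += (size_t)n;
    }
    close(in[1]);
    long long deadline = now_ms() + wall_ms;
    struct pollfd pfd = { out[0], POLLIN, 0 };
    for (;;) {
        long long left = deadline - now_ms();
        if (left <= 0 && !res->timed_out) { kill(pid, SIGKILL); res->timed_out = 1; }
        int rc = poll(&pfd, 1, res->timed_out ? 1000 : (int)left);
        if (rc < 0) { if (errno == EINTR) continue; break; }
        if (rc == 0) { if (res->timed_out) break; continue; }
        char buf[1024]; ssize_t n = read(out[0], buf, sizeof buf);
        if (n <= 0) break; /* EOF: the program closed stdout or died */
        size_t room = OUTPUT_CAP - res->output_len, take = (size_t)n < room ? (size_t)n : room;
        memcpy(res->output + res->output_len, buf, take); res->output_len += take;
    }
    close(out[0]);
    for (;;) { /* stdout may close before the program ends, so keep enforcing the deadline */
        pid_t w = waitpid(pid, &status, WNOHANG);
        if (w == pid) break;
        if (w < 0 && errno != EINTR) return -1;
        if (now_ms() >= deadline && !res->timed_out) { kill(pid, SIGKILL); res->timed_out = 1; }
        usleep(10000);
    }
    if (WIFEXITED(status)) { res->exited = 1; res->exit_code = WEXITSTATUS(status); }
    else if (WIFSIGNALED(status)) res->term_signal = WTERMSIG(status);
    return 0;
}
```

Call run_sandboxed() with the submission's path as argv[0], the test input, a CPU budget in seconds and a wall-clock budget in milliseconds, then read exited/exit_code/term_signal/timed_out and output for the status report. A submission that writes to a regular file dies with SIGXFSZ, a busy loop with SIGXCPU, and one that closes stdout and sleeps is SIGKILLed at the deadline with timed_out set. Everything here runs in the host kernel, which is exactly the trade-off unSpawn warns about in post #5: it keeps an honest-but-buggy program in check and blocks the obvious abuses, but a kernel exploit in the submission is not contained, so on a box you care about put the whole runner inside the separate VM as well.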