[clug] Process sandboxing
jm
jeffm at ghostgun.com
Wed Jul 13 21:43:34 MDT 2011
Anyone have any thoughts on sand boxing a process on linux? I was
originally thinking of using chroot, but this still leaves network
access and a few other holes open. The objective is to allow untrusted
third parties to upload scripts to a server for it to run with the only
way to communicate out being via functions I provide. It seems all the
most common scripting languages make it nearly impossible to easily
remove/limit functionality from the language. So the overhead of going
that way would be a killer most likely involving modifying the
interpreter for each language used. The alternative would be to get the
OS to limit what the scripts can do. Alright over to you guys.
Jeff.
More information about the linux
mailing list