Restrict access to "critical" functions

Thread overview (date, author):
Dec 12, 2011  Christian Köstlin
Dec 14, 2011  Kagamin
Dec 14, 2011  Timon Gehr
Dec 15, 2011  deadalnix
Dec 15, 2011  Jonathan M Davis
Dec 15, 2011  Timon Gehr
Dec 14, 2011  bearophile
Dec 14, 2011  Kagamin
Dec 14, 2011  Andrew Wiley
Dec 21, 2011  Kagamin
Dec 14, 2011  Adam D. Ruppe
Dec 14, 2011  mta`chrono
Dec 18, 2011  Bystroushaak
Dec 18, 2011  Manfred_Nowak
December 12, 2011
Hi,

I want to restrict the access of a piece of D2 code to just some
functions I declare allowed. E.g. I would like to forbid all access
to I/O and prevent the program from formatting my HD. Or even better, I would
like to tell D2 which functions of the standard libraries are allowed; all other functions should not be callable.

The goal would be to have the possibility to compile and run code from random people (some of them perhaps evil-minded), watch over the processes and kill them if they take too long or use up too much memory.

Thanks in advance

Christian Köstlin
December 14, 2011
> The goal would be to have the possibility to compile and run code from random people (some of them perhaps evil-minded), watch over the processes and kill them if they take too long or use up too much memory.

I believe this is what SafeD is for.
December 14, 2011
You can also try to run arbitrary D code at codepad.org, see http://codepad.org/f4b7wPhn for example.
December 14, 2011
On 12/14/2011 01:28 PM, Kagamin wrote:
>> The goal would be to have the possibility to compile and run code from
>> random people (some of them perhaps evil-minded), watch over the
>> processes and kill them if they take too long or use up too much memory.
>
> I believe this is what SafeD is for.

SafeD eliminates the possibility of memory corruption, it does not prevent the program from messing with the system.
December 14, 2011
Kagamin:

> I believe this is what SafeD is for.

Nope. SafeD is just for "memory safety".

Bye,
bearophile
December 14, 2011
2011/12/12 Christian Köstlin <christian.koestlin@gmail.com>:
> Hi,
>
> I want to restrict the access of a piece of D2 code to just some
> functions I declare allowed. E.g. I would like to forbid all access
> to I/O and prevent the program from formatting my HD. Or even better, I would
> like to tell D2 which functions of the standard libraries are allowed; all other
> functions should not be callable.
>
> The goal would be to have the possibility to compile and run code from random people (some of them perhaps evil-minded), watch over the processes and kill them if they take too long or use up too much memory.
>
> Thanks in advance
>
> Christian Köstlin

Honestly, I don't think what you're looking for is possible in *any*
statically compiled systems language. The kind of thing you're looking
for is pretty much limited to VM languages that can enforce security
restrictions at runtime.
In particular, having direct access to assembly code and the stub C
libraries for syscalls means that even if the compiler denied the user
access to a certain library, the user could write the code needed to
invoke a syscall to load that library into memory and make calls into
it, and they could bypass all safety checks if they were determined
enough.
December 14, 2011
On Monday, 12 December 2011 at 18:48:17 UTC, Christian Köstlin wrote:
> Goal would be to have a possibility to compile and let run code from random people (some of them perhaps evil minded), watch over the processes and kill them, if they take too long or use up too much memory.


This is something you should set up in the operating system. The
programming language can't do much to help here.

On the operating system, create a new limited user account for
the random people code. Limited user accounts can't format hard
drives.

Then, make sure your other files have the proper permissions so
the new user can't read/modify them. (This should mostly be done
already on any OS installation.)

You might add a disk quota to prevent them from using too much
disk space, or not give them any write access at all.


Finally, set CPU and memory limits on the user processes. In Linux,
see "man setrlimit" for some info.
December 14, 2011
Maybe you should use a VM to run your restricted applications. Or have a look at chroot, dchroot or schroot to set up such stuff. The programming language will not help you in this case!
December 15, 2011
On 14/12/2011 13:48, Timon Gehr wrote:
> On 12/14/2011 01:28 PM, Kagamin wrote:
>>> The goal would be to have the possibility to compile and run code from
>>> random people (some of them perhaps evil-minded), watch over the
>>> processes and kill them if they take too long or use up too much
>>> memory.
>>
>> I believe this is what SafeD is for.
>
> SafeD eliminates the possibility of memory corruption, it does not
> prevent the program from messing with the system.

Nothing does, except things that don't have side effects.

So basically, the OP only wants pure functions. They exist in D, but I highly doubt you can produce anything useful using only pure functions.

Even Haskell has non-pure functions (the IO monad, for example).
December 15, 2011
On Thursday, December 15, 2011 13:57:21 deadalnix wrote:
> Even Haskell has non-pure functions (the IO monad, for example).

Actually, Haskell is a 100% purely functional language. Monads are completely pure. They're _how_ Haskell manages to be pure with I/O, when every functional language before them had had to be impure with regards to I/O.

- Jonathan M Davis