Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
I want to make a program run but I want to limit it's reading, writing and execution rights to the stdin and stdout only.
The program should not be able to modify anything else than the stdin and stdout.
I think I could use chmod for this and maybe assign a userid to the program of a user with very few rights. The disadvantage would be that I need to create a dummy user.
Is there a way to restrict the file-acces with as few modifications to my system as possible?
My OS is an Ubuntu.
I would also like to be able to limit the memory the program is allowed to use when running.
7 replies to this topic
Back to top|
|
|
#2
Posted 16 June 2010 - 11:27 AM
WingedPanther
-
- Moderators
-
- 16,831 posts
A spammer's worst nightmare
I'm a little confused about that. Do you mean you want to give it no rights to access files at all? Depending on what else you want it to do, that could be awkward. Ultimately, you can choose to only use stdin and stdout, but a pipe or redirect will get around that. Running it as a special user isn't really limiting the program, just the environment.
#3
Posted 16 June 2010 - 11:43 AM
Somelauw
-
- Members
-
- 18 posts
Newbie
WingedPanther said:
Ultimately, you can choose to only use stdin and stdout, but a pipe or redirect will get around that.
Yes, I want to limit it's input/output to stdin/stdout.
I don't understand how the program is able to get around this using piping or redirect.
#4
Posted 16 June 2010 - 12:46 PM
WingedPanther
-
- Moderators
-
- 16,831 posts
A spammer's worst nightmare
When you call a program from the command line, you can specify the input/output to be results of other programs, files, etc. The result is that the OS will hook stdin/stdout to something other than the keyboard/monitor.
#5
Posted 16 June 2010 - 12:56 PM
Somelauw
-
- Members
-
- 18 posts
Newbie
WingedPanther said:
When you call a program from the command line, you can specify the input/output to be results of other programs, files, etc. The result is that the OS will hook stdin/stdout to something other than the keyboard/monitor.
That's completely fine and it's even what I want.
Can you tell me how to restrict a program like this?
#6
Posted 16 June 2010 - 03:49 PM
WingedPanther
-
- Moderators
-
- 16,831 posts
A spammer's worst nightmare
Only use stdin and stdout for your output when you code it. It's more of a languages issue than an OS issue.
#7
Posted 16 June 2010 - 11:30 PM
Somelauw
-
- Members
-
- 18 posts
Newbie
WingedPanther said:
Only use stdin and stdout for your output when you code it. It's more of a languages issue than an OS issue.
Yes, but I want to limit it externally since I am not writing the program itself.
#8
Posted 17 June 2010 - 07:28 AM
WingedPanther
-
- Moderators
-
- 16,831 posts
A spammer's worst nightmare
I don't think this will be possible. If you provide support to load the libraries for using stdin/stdout, then other libraries can be loaded as well, for things like GUI interfaces, etc.
