I want to let users run custom programs on my web server without compromising its security. I have tried for days to install plash on an amd64 server running Debian Etch (Dreamhost web hosting), but compiling from source failed in many places.
Any other suggested sandboxing programs?
For example:
shobj/rtld-libc.a(rtld-bsd-_setjmp.os): In function `_setjmp':
../sysdeps/x86_64/bsd-_setjmp.S:35: undefined reference to `__GI___sigsetjmp'
/usr/bin/ld: shobj/rtld-libc.a(rtld-bsd-_setjmp.os): relocation R_X86_64_PC32 against `__GI___sigsetjmp' can not be used when making a shared object; recompile with -fPIC
What about setting them up using chroot? That would allow you to change their definition of root (perhaps to the user's directory), and then they can work within it.
womble: Needs root access.
James Deville: I didn't know that root access wasn't allowed in this question. I knew they were using DH, but I assumed other techniques were valid.
From James Deville
Plash won't work: "Plash effectively disables these system calls by putting the sandboxed process in a minimal chroot() jail" -- chroot requires root privs. Without root access I'm pretty sure you can't do this, because anything you can do the process you're trying to sandbox can undo (LD_PRELOAD hacks, etc). I'd get a cheap VPS you do have root access on and run them there. For $20/month (or less), it's hard not to justify it -- especially when you've spent several days failing with plash. How much is your time worth?
yuku: I'll consider that. The reason I spent several days on plash is that I knew I would learn something about Linux, the build process, library dependencies and so on, and not only depend on the build script the author provides.
womble: I would say you haven't learnt a lot from your efforts.
From womble
The usual sandboxing solutions involve either chroot() or some type of (para-)virtualization, such as VMware or User Mode Linux. Both options require root access, however (Edit: UML might run without root access). Still, this would probably be the easiest way to go (mature software, widely deployed, many docs), so I'd concur with womble's suggestion to try and get some hosting that gives you root access.
If root access is not feasible, your only option probably is to limit users at the application level.
Many runtime environments (Java, PHP, Apache) allow you to impose some kind of restriction on the programs they run, e.g. they let you limit the memory a process may use, or its maximum duration. You could try that; what is possible would depend on what kinds of programs you want to allow. It is less secure than chroot/virtualization, but might be enough depending on your security needs.
BTW: How do you give secure access to users? As non-root, I assume you cannot create user accounts?
asdmin: User Mode Linux can be run without any special permissions, so it might be the way to go.
sleske: @asdmin: Thanks, didn't know that.
womble: I'd love to see how long you'd last before Dreamhost found and shut down your UML instance. It's not exactly unobtrusive.
sleske: @womble: Why do you think Dreamhost would object? UML is just another process (that's the nice thing about it), so why should it be "obtrusive"? It will probably eat a fair amount of memory, but otherwise I don't see any problem.
womble: It'll probably far exceed the resource limits provided for a shared hosting account, and at a business level they'd want to sell you a VPS rather than let you run your own UML instance.
yuku: It's a native process without any runtime environment. More exactly, what I'm trying to do is to provide users with an environment to write and run Go programs (www.golang.org). I'm not looking to virtualize the whole OS, just a sandbox like what Google Chrome does with its child processes.
From sleske
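The application-level limits sleske describes (memory, CPU time, maximum duration) as a wrapper that needs no root, added here as an example and not code from the thread; it assumes Linux and Python's standard resource module, and the child commands it runs are constructed for the demonstration.

```python
import os
import resource
import signal
import subprocess
import sys
from dataclasses import dataclass

PYTHON = sys.executable  # interpreter used for the constructed demo children


@dataclass
class RunResult:
    returncode: int
    stdout: str
    stderr: str
    timed_out: bool  # killed by our wall-clock timeout, not by an rlimit

    @property
    def cpu_limit_hit(self) -> bool:
        # RLIMIT_CPU: the kernel sends SIGXCPU at the soft limit and SIGKILL at
        # the hard one; Popen reports death by signal as a negative return code.
        return not self.timed_out and self.returncode in (-signal.SIGXCPU, -signal.SIGKILL)


def run_limited(argv, cpu_seconds=2, mem_bytes=256 << 20, wall_seconds=5,
                max_output=64 << 10) -> RunResult:
    """Run argv with rlimits set in the child before exec(), plus a wall-clock cap.
    This bounds resource use only: it does not restrict which files or
    sockets the program may touch (that needs chroot(), namespaces or a VM).
    """

    def apply_limits():  # executed in the child between fork() and exec()
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))  # address space
        resource.setrlimit(resource.RLIMIT_FSIZE, (max_output, max_output))  # largest file written
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))  # no core dumps

    proc = subprocess.Popen(argv, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, preexec_fn=apply_limits,
                            start_new_session=True)  # own session: killpg() reaches children too
    try:
        out, err = proc.communicate(timeout=wall_seconds)
        timed_out = False
    except subprocess.TimeoutExpired:
        # RLIMIT_CPU counts CPU time only, so a program that sleeps or blocks on
        # I/O never trips it; the wall-clock timeout is what stops it.
        os.killpg(proc.pid, signal.SIGKILL)
        out, err = proc.communicate()
        timed_out = True
    return RunResult(proc.returncode, out.decode(errors="replace")[:max_output],
                     err.decode(errors="replace")[:max_output], timed_out)
```

A program that idles (sleeping, waiting on a socket) never exceeds RLIMIT_CPU, so the wall-clock timeout is not optional; the address-space limit makes a runaway allocation fail inside the child instead of exhausting the host.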