
How to disallow system calls while running a program in a sandbox environment?

Developer https://www.devze.com 2023-01-29 20:28 Source: web
I was checking out codepad.org and a while(1) fork gave the following output.

Disallowed system call: SYS_fork

Check this link for exact details. http://codepad.org/rNR9mMVv

Googling more, I got to know that they also disable system calls using sockets.

Disallowed system call: SYS_socketcall

Can anyone tell me how one can disable certain system calls before running the program in a sandboxed environment?


By replacing runtime libraries with mocks that have empty stubs or exception throwers instead of real functions?


If you're willing to pay the performance penalty, ptrace() can be used for this. There's another way I cannot seem to find right now.


System calls work by injecting the function into the process by the operating system. If, however, you wrote a custom loader for your favourite executable format, you would have the power to link it against your own. You could also binary alter the executable, if the format allows for it, to pull those functions from a separate dynamic library, provided by you.


I know this is an old question, but I was researching the same stuff, so here is my suggestion - use SELinux. The Gentoo project has some nice stuff about SELinux. Have a look at the SELinux Policy Types (4.b), and the targeted policy in particular. I'm not sure about codepad.org, but the similar ideone.com uses Gentoo, so perhaps SELinux should be the easiest way to go.
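The answers above mention ptrace, stubbed runtime libraries and SELinux; the kernel mechanism a Linux sandbox would use for exactly this job today, a seccomp-bpf filter, is not mentioned on the page. The following is an added example (not code from any answer or from codepad.org): it loads a filter that kills the process on the two syscall families codepad refuses, runs a test function in a filtered child, and reports whether the filter fired. It assumes x86-64 Linux with glibc; the names install_deny_filter, deny_fork_and_sockets, filter_verdict, try_fork and compute_only are the example's own.

```c
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#define INSN(...) ((struct sock_filter)__VA_ARGS__)   /* one classic-BPF instruction */

/* Install a seccomp-bpf filter: a syscall whose number is in `denied` kills the caller with SIGSYS. */
static int install_deny_filter(const int *denied, size_t n) {
    struct sock_filter prog[2 * n + 5]; size_t i = 0;
    prog[i++] = INSN(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    prog[i++] = INSN(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0)); /* assumption: x86-64 */
    prog[i++] = INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));  /* numbers are per-ABI: no compat ABI */
    prog[i++] = INSN(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
    for (size_t k = 0; k < n; k++) {              /* nr == denied[k] -> kill, otherwise test the next one */
        prog[i++] = INSN(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)denied[k], 0, 1));
        prog[i++] = INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL));
    }
    prog[i++] = INSN(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
    struct sock_fprog fprog = { .len = (unsigned short)i, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* unprivileged filters require this */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* What codepad refuses: process creation and sockets. glibc's fork() is really clone/clone3, so listing
 * SYS_fork alone would block nothing; on x86-64 sockets are SYS_socket, not the 32-bit SYS_socketcall. */
static const int deny_fork_and_sockets[] = { SYS_fork, SYS_vfork, SYS_clone, SYS_socket, SYS_socketpair,
#ifdef SYS_clone3
    SYS_clone3,
#endif
};

/* Run `fn` in a filtered child: 1 = the filter killed it (SIGSYS), 0 = it exited cleanly, -1 = other. */
static int filter_verdict(void (*fn)(void)) {
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {                               /* child: load the filter, run fn, exit via exit_group */
        if (install_deny_filter(deny_fork_and_sockets,
                                sizeof deny_fork_and_sockets / sizeof *deny_fork_and_sockets) != 0) _exit(111);
        fn(); _exit(0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

static void try_fork(void) { if (fork() == 0) _exit(0); }  /* one iteration of the while(1) fork */
static void compute_only(void) { volatile int x = 0; for (int i = 0; i < 1000; i++) x += i; }
```

Because the kill is decided in the kernel before the syscall runs, no grandchild is ever created; the filter is inherited across fork and execve, which is why it is loaded in the child rather than the supervising parent.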
