#1
  1. BANGLADESHI HACKER ;)
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Location
    Chittagong -> CRB -> House on the Hill -> My Room :)
    Posts
    15
    Rep Power
    0

    Dangerous System Functions for Servers !!!


    If I have to compile and run any C/C++ program sent by any client PC by submit-o-matic or email to the server, how can I check that he isn't using malicious server functions???

    Is there any way to check whether he/she is trying to use system resources???

    Can anyone provide me with the list of those functions and Macros???
  2. #2
  3. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2003
    Location
    ct
    Posts
    2,756
    Rep Power
    95
    sorry i'm not quite following. people are going to send you code which you will then compile and run from your server? is this stuff running suid root or "Admin" privileges? #define malicious as well. what exactly are you allowing/disallowing?
  4. #3
  5. BANGLADESHI HACKER ;)
    Devshed Newbie (0 - 499 posts)

    My project is like this one:

    http://acm.timus.ru/submit.asp

    And now you will understand why I should protect my server :( !!!
  6. #4
  7. Banned ;)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Nov 2001
    Location
    Woodland Hills, Los Angeles County, California, USA
    Posts
    9,607
    Rep Power
    4247
    For *NIX systems, there's always systrace. See http://www.systrace.org/ and also read the articles by Michael Lucas http://www.onlamp.com/pub/a/bsd/2003...y_Daemons.html and http://www.onlamp.com/lpt/a/3260 for how to use it.

    Note that systrace was originally written for OpenBSD and NetBSD, but has been ported to Linux and Mac OSX. The FreeBSD port is still a work in progress.

    Also, The Hairy Eyeball (http://www.blafasel.org/~floh/he/) has a repository of systrace scripts.
  8. #5
  9. Left due to despotic ad-min
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2003
    Posts
    1,044
    Rep Power
    14
    This is actually a surprisingly tough question.

    I'm assuming you want a server that people can download C++ source code to, and your server will compile and execute it unless it finds an error.

    One way is to configure a compiler and its library to enforce whatever constraints you wish. Another approach is to have a person in the loop who reviews the code, but I assume you want to avoid that. You will wish to ensure your library has no non-standard functions (e.g. the system() call, functions like sprintf), and also does not allow creating files on the server.

    You may wish to write a preprocessor that checks for and prevents the following:
    a) usage of raw pointers.
    b) bounds checking violations
    c) explicit or implicit typecast of pointer types.
    d) use of the various _cast operators
    e) statements with multiple side effects (very easy to introduce undefined behaviour, which results in potential security holes).

    One simple way is to compile and execute the code, but only execute it in the context of a very unprivileged user. The challenge is configuring a user account to do that (and being able to spawn the process to execute it as that user). This obviously relies on having an operating system that allows you to enforce user privileges.
  10. #6
  11. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    also, what about the security issue? let's say you check the source, but i.e. it would be trivial to write a program vulnerable to buffer overflow, and then exploit it that way to execute the code you want to execute. how to fix? stackguard is one option. but then they could use format strings and the GOT instead. so i dunno, just some stuff to think about.
  12. #7
  13. BANGLADESHI HACKER ;)
    Devshed Newbie (0 - 499 posts)

    Originally posted by grumpy
    This is actually a surprisingly tough question.

    I'm assuming you want a server that people can download C++ source code to, and your server will compile and execute it unless it finds an error.

    One way is to configure a compiler and its library to enforce whatever constraints you wish. Another approach is to have a person in the loop who reviews the code, but I assume you want to avoid that. You will wish to ensure your library has no non-standard functions (e.g. the system() call, functions like sprintf), and also does not allow creating files on the server.

    You may wish to write a preprocessor that checks for and prevents the following:
    a) usage of raw pointers.
    b) bounds checking violations
    c) explicit or implicit typecast of pointer types.
    d) use of the various _cast operators
    e) statements with multiple side effects (very easy to introduce undefined behaviour, which results in potential security holes).

    One simple way is to compile and execute the code, but only execute it in the context of a very unprivileged user. The challenge is configuring a user account to do that (and being able to spawn the process to execute it as that user). This obviously relies on having an operating system that allows you to enforce user privileges.
    Thanks for your good suggestion!

    Then you are saying that I should use Linux and define access levels ???

    BUT HOW ???
  14. #8
  15. Left due to despotic ad-min
    Devshed Beginner (1000 - 1499 posts)

    I wasn't actually suggesting Linux, but it can certainly be used. Any operating system that has a means by which a user can be granted or denied privileges is enough. All flavours of Unix support that, as does Windows NT/2000/XP, VMS, etc etc. For example, a guest account under NT may be enough for your purposes.

    With Linux, it depends on the flavour. With Red Hat, you can use Linuxconf. Then go down through the menus to Config/User Accounts to configure particular accounts. Somewhere in that menu structure, you will find a way to allow or deny various privileges to various types of users.

    In general terms, privileges are used to grant or deny access to hardware, devices, system resources (e.g. memory). Individual devices can have assigned protections to deny or permit access by some users and not others (although a suitably privileged user can bypass protections). Once an account with suitable privileges (or lack thereof) is set up, then a suitably privileged user can use setgid/setuid to launch processes owned by that user --- and therefore constrained by the privileges.

    Look in the man pages for

    exec (spawning of processes)
    setuid (set user identification)
    setgid (set group identification)

    for info on the function calls (or, if you're working from a shell script, the commands) to do this sort of stuff. I don't have the info at my fingertips, but this should be enough to get you started.
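
The launcher described in the post above (a privileged process that calls setgid/setuid and then exec so the submitted program runs as an unprivileged account), as an added example that is not part of the original thread. The function name `run_untrusted`, the 256 MB memory cap, the resource limits and the 126/127 exit codes are assumptions of this example; `uid` and `gid` are expected to belong to a dedicated account that owns nothing on the server.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lower one resource limit; never tries to raise the inherited ceiling. */
static int limit(int resource, rlim_t value)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (value < rl.rlim_max)
        rl.rlim_max = value;
    rl.rlim_cur = rl.rlim_max;   /* soft == hard: the child cannot lift it */
    return setrlimit(resource, &rl);
}

/* Added example, not from the thread. uid/gid: assumed dedicated account.
 * Returns the exit status, 128+signal if killed, 126 if the restrictions
 * could not be applied, 127 if exec failed, -1 if fork/wait failed. */
int run_untrusted(char *const argv[], uid_t uid, gid_t gid, rlim_t cpu_secs)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Limits are inherited across exec. */
        if (limit(RLIMIT_CPU, cpu_secs) != 0 ||
            limit(RLIMIT_AS, (rlim_t)256 << 20) != 0 ||
            limit(RLIMIT_FSIZE, 0) != 0)       /* no file may grow */
            _exit(126);
        /* Order matters: supplementary groups, then gid, then uid last. */
        if (uid != geteuid() && setgroups(1, &gid) != 0)
            _exit(126);
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(126);
        if (uid != 0 && setuid(0) == 0)        /* drop must be permanent */
            _exit(126);
        execv(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? 128 + WTERMSIG(status) : WEXITSTATUS(status);
}
```

Every failure path exits before `execv`, so the submitted binary never runs with more privilege than intended; a return value above 128 means a limit (or another signal) terminated it.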
  16. #9
  17. BANGLADESHI HACKER ;)
    Devshed Newbie (0 - 499 posts)

    Thanks Grumpy!
    I'll try and if any problem occurs, I know you people are there :)
