Geek Answers Handbook

Build security

I am currently offering build compilation services for some people. They can enter their assembly code in an online editor and compile it. When it is compiled, the code is sent to my server using an ajax request, the program output is compiled and output.

However, I wonder what I can do so as not to cause serious damage to the server. I am completely new to build on my own, so what is possible when they run their script on my server? Can they delete or move files? Is there a way to prevent these security issues?

Thank you in advance!

+7
source share
3 answers

Take a look at http://sourceforge.net/projects/libsandbox/ . It is designed to do exactly what you want on a linux server:

This project provides an API in C / C ++ / Python for testing and profiling simple (single processes) programs in a restricted environment or in an isolated environment. Executions of executable programs in binary mode can be fixed and blocked in accordance with custom / programmable policies.

Sandbox libraries were originally developed and used as the main security module of the full-featured online judging system for ACM / ICPC training. Since then, they have become a universal tool for testing, profiling and limiting the security of binary programs. Sandbox libraries are currently supported by the OpenJudge Alliance (http://openjudge.net/) as a standalone open source project to facilitate various assignment classification solutions for IT / CS training.

+3
source

If this is a training service, so customers just need to test different build code and donโ€™t need to perform operations outside of their program (for example, reading or changing the file system), then another option is to allow only the selected subset of instructions. In particular, do not allow any instructions that can make system calls, and only allow limited instructions for transferring control (for example, without returning, branches only for labels defined in the user code, etc.). You can also provide some limited ways to return output, such as calling a library that prints any value in a specific register. Do not allow data to be declared in the text (code) section, as any machine code can be entered as numeric data.

Although I wrote โ€œanother optionโ€, this should be in addition to others that other respondents suggested, such as a sandbox.

This method is error prone and, if used, must be carefully and thoroughly developed. For example, some assemblers allow multiple instructions on the same line. Thus, just ensuring that the text in the first field of the line instruction is acceptable, skip the remaining instructions in the line.

+3
source

Compiling and running other arbitrary code on your server is exactly what arbitrary code execution is doing. Executing arbitrary code is the holy grail of every attacker. Someone can probably use this question to find your service and use it on this second one. Stop the service immediately. If you want to continue running this service, you must compile and run the program in a sandbox. However, until this is implemented, you must suspend the service.

You must run the code in the sandbox of the virtual machine, because if the code is malicious, the sandbox will prevent damage to your actual OS. Some virtual machines include VirtualBox and Xen. You can also perform some kind of signature detection in the code to search for known malicious functions, although you can detect any form of signature detection.

This is a link to the VirtualBox homepage: https://www.virtualbox.org/

This is the link to Xen: http://xen.org/

+1
source

More articles:


All Articles