How to build a secure server with modules written in C/C++?

From: Marco Stolpe (x25ugip1_at_freenet.de)
Date: 22 Nov 2003 08:45:49 -0800

    Hi there,

    I'm planning to develop a little server software in C/C++. I'd like to
    give it the ability to invoke functions contained in shared libraries
    using dlopen(). The shared libraries might be distributed in the form
    of packages, for example, which have to be installed on the server.
    With regard to security, it's essential that modules contained in one
    package aren't able to access data of another package in memory or on
    the hard disk. In case one module wants to invoke another one, that
    invocation should be controlled by the server (only). Therefore,
    modules should not be able to influence the server or even the
    operating system in any way they're not permitted to.

    The more I thought about the problem, the more I realized that what I
    need is some sort of sandbox/jail for C/C++ modules.

    Apart from the idea that probably all modules of different packages
    have to run in different processes (so that they wouldn't share the
    same address space), another idea is that I could perhaps encapsulate
    the functionality of system libraries in libraries written on my own.
    They would realize some sort of access control based on policies
    similar to the ones which are used with Java. That could work, as long
    as I was able to force modules only to use my own library calls (at
    runtime). In case that's not possible, another approach I thought of
    is to check the packages for disallowed library/system calls, even
    before executing them.

    Can any of my ideas be realized at all without using a VM? Are there
    any examples of "sandboxes" for C/C++? Are there any server programs
    in C/C++ which are able to isolate modules from one another and could
    serve as an example of how to do it the right way?

    Thanks in advance for any answers,

    Marco
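One way to realize the separate-process idea from the post, as an added example that is not part of the original message: the server forks a child per module invocation, the module runs only in that child, and the result comes back over a pipe, so a module that crashes or hangs cannot corrupt the server's memory or take it down. It assumes a POSIX/Linux host; the module function pointer stands in for what the real child would obtain via dlopen()/dlsym() (an assumption made to keep the example self-contained).

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
typedef int32_t (*module_fn)(int32_t);
enum { ISO_OK = 0, ISO_CRASHED = -1, ISO_TIMEOUT = -2, ISO_INTERNAL = -3 };

/* Run fn(arg) in a child so the module never shares the server's address space.
 * In the real server the child would dlopen()/dlsym() the entry point (assumed here). */
int run_isolated(module_fn fn, int32_t arg, int32_t *result, unsigned timeout_s)
{
    int fds[2];
    if (pipe(fds) != 0) return ISO_INTERNAL;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return ISO_INTERNAL; }
    if (pid == 0) {                        /* child: the untrusted module runs here */
        close(fds[0]);
        struct rlimit nofork = { 0, 0 };   /* module may not spawn processes */
        setrlimit(RLIMIT_NPROC, &nofork);
        alarm(timeout_s);                  /* SIGALRM ends a module that never returns */
        int32_t out = fn(arg);
        ssize_t n = write(fds[1], &out, sizeof out);
        _exit(n == (ssize_t)sizeof out ? 0 : 1);
    }
    close(fds[1]);                         /* parent: collect result, classify the exit */
    int32_t out = 0;
    ssize_t n = read(fds[0], &out, sizeof out);
    close(fds[0]);
    int status = 0; if (waitpid(pid, &status, 0) < 0) return ISO_INTERNAL;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGALRM ? ISO_TIMEOUT : ISO_CRASHED;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0 || n != (ssize_t)sizeof out)
        return ISO_INTERNAL;
    *result = out;
    return ISO_OK;
}

/* Returns the module's value, or the negative ISO_* code when it misbehaves. */
int run_or_status(module_fn fn, int32_t arg, unsigned timeout_s)
{
    int32_t r = 0;
    int st = run_isolated(fn, arg, &r, timeout_s);
    return st == ISO_OK ? (int)r : st;
}

/* Constructed stand-ins for module entry points: one well behaved, two faulty. */
static int32_t good_module(int32_t x) { return x * 2 + 1; }
static int32_t crashing_module(int32_t x) { volatile int *p = 0; return *p + x; }
static int32_t hanging_module(int32_t x) { (void)x; for (;;) pause(); }
```

The parent only ever sees an int32 over the pipe, so the module's reach into the server is limited to that channel; file-system separation between packages would still need per-module credentials or a chroot, which this example does not add.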

