I want to run untrusted code, pipe it input, redirect its output to a file, and verify that output all from a script. This has to happen automatically and preferable with as little down time between runs of untrusted code as possible. Is gresecurity the right tool for this task, or is something else better suited for what I want. The code I'm running should be very basic and not try to do anything 'deep'. If it is trying to do anything strange, its ok to assume the code isn't what I want and abort it without continuing, regardless of if it would be ultimately a trusted action.
Thanks.
Is grsecurity the right tool for what I want to do?
2 posts
• Page 1 of 1
Is grsecurity the right tool for what I want to do?
by cep221 » Wed Mar 29, 2006 2:26 pm
- cep221
- Posts: 1
- Joined: Wed Mar 29, 2006 2:23 pm
Re: Is grsecurity the right tool for what I want to do?
by Raf256 » Wed Mar 29, 2006 4:09 pm
cep221 wrote:I want to run untrusted code, pipe it input, redirect its output to a file, and verify that output all from a script. This has to happen automatically and preferable with as little down time between runs of
IMHO, yes, grsecurity seem good for it.
Use all protections like direct ports I/O (that option that disables xfree driver), probably PaX randomization is not needed here (since the code is "evil" already, and you want to isloate it).
Grsecurity improves chroot jail - to make it realy secure.
In addition use RBAC policy to strongly limit rights of the untrusted code.
- Raf256
- Posts: 72
- Joined: Mon Sep 19, 2005 8:38 pm
2 posts
• Page 1 of 1