Security Paramount

Status
Not open for further replies.

ahsan786

Technical User
Feb 4, 2004
12
HK
Hi,
There is a server that is designed to take programming files from the
client and then run them on the machine.
The languages that may be used are: c, c++, java
Now the challenge is how to make the system secure.

Here are some ideas that were introduced through some discussions with some friends:
1. look for keywords.
2. do not let the clients get out of their assigned directory.

problem with 1: a lot of updates of keywords that may be dangerous to the machine.
plus there is usually a way around it to jeopardise the system.

problem with 2: actually this problem was nearly solved had the system
been running on unix, but the programs are run using dos prompts. the
solution discussed was to not let the client get out of their
assigned directory and thus it does not affect the system.

Do you experts have any idea?
(the program is built using servlets and jsp)

thank you.
 
If it's not Unix, which MS Operating system is it?

This would have done nicely, but you seem to have ruled it out

> but the programs are run using dos prompts.
That covers everything
You can easily run command line programs on Unix/Linux as well.

--
 
I don't quite understand how your program is going to work with C/C++ files. You mean your program will accept the C/C++ source files, automatically compile them and run them?

You need to understand that C/C++ is different from Java. Java is an interpreted language and therefore its execution is confined within the JVM. If you are looking to impose limitations on Java programs, I suggest that you should mess around with the JVM settings.

On the other hand, C/C++ programs are compiled into the native machine binary and therefore become totally independent programs. Imposing limitations on these C/C++ programs can become quite difficult. One approach is to define the ownership of the files. However, that approach is not foolproof. Those programs can still mess around with the system if they are intended to do so. Detecting malicious source code through keywords is not practical either. Another approach that you can use is to exclude / delete C/C++ libraries that are system-related. The drawback of this approach is that those source files that use those libraries will not compile, and advanced users can still write their own implementation of the missing libraries. Perhaps you can look into your C/C++ compiler manual and see whether you can run those programs in debug mode and tweak the settings of the debug mode?

I still think that compiling (and running) questionable C/C++ source files on your machine is dangerous.
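
An added example, not code from any poster in this thread: what the servlet side can enforce for idea 2, namely that a client-supplied file name stays inside the client's directory and that a run is time-limited. The class name, method names, `run.log` and the sample names are assumptions; as the reply above notes, a native binary is not confined by its working directory, so it still needs a low-privilege OS account or a VM/container around it.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.concurrent.TimeUnit;

public class SubmissionRunner {
    // Resolve a client-supplied name inside that client's directory and reject
    // anything that normalizes to a location outside it (absolute paths, "..").
    // Links created inside the directory are not followed by this check.
    static Path resolveInside(Path clientDir, String name) throws IOException {
        Path base = clientDir.toRealPath();
        Path target = base.resolve(name).normalize();
        if (!target.startsWith(base)) {
            throw new SecurityException("path escapes client directory: " + name);
        }
        return target;
    }

    // Run an already-built program with the client directory as its working
    // directory, an empty environment and a hard time limit. This limits what
    // the server hands to the process, not what the process can reach itself.
    static int run(Path clientDir, String program, long seconds)
            throws IOException, InterruptedException {
        Path exe = resolveInside(clientDir, program);
        ProcessBuilder pb = new ProcessBuilder(exe.toString());
        pb.directory(clientDir.toFile());
        pb.environment().clear(); // some Windows programs need SystemRoot added back
        pb.redirectErrorStream(true);
        pb.redirectOutput(clientDir.resolve("run.log").toFile());
        Process p = pb.start();
        if (!p.waitFor(seconds, TimeUnit.SECONDS)) {
            p.destroyForcibly().waitFor(); // kill runaway or looping submissions
            return -1;                     // -1 marks a timeout here
        }
        return p.exitValue();
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("client42"); // constructed sample directory
        String[] names = {"prog.exe", "sub/prog.exe", "../other/prog.exe"}; // constructed
        for (String name : names) {
            try {
                System.out.println(name + " -> " + resolveInside(dir, name));
            } catch (SecurityException e) {
                System.out.println(name + " -> rejected");
            }
        }
    }
}
```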
 