Sandbox server

Adem24

How would one program a sandbox?

Let's say the server and all clients have the same architecture,
and environment (for example 32bit x86-Linux environment).
The server shall offer sandbox services to clients.
A remote client can get a sandbox (an empty directory space)
on the server, upload his precompiled executable program,
start it, and then disconnect. When the program finishes
then the sandbox server sends a notification to the
email address of the client.
Then the client can connect to the sandbox and
pick up the result file.
So, there is no need for manual login; everything should be
done programmatically via an agreed upon protocol (API).

The main problem here is security and safety.
The client program shall not be able to access any
other directories on the server except its own directory
and the subdirectories it can create therein.
And, the sandbox client shall be allowed to use only some
predetermined services, i.e. only those that were explicitly
allowed him to use, for example a specific tcp port
and a specific ip-address. And disc space, memory,
and the # of file handles the user can use shall be restricted too.
These limits are mainly for protecting the server itself
from possible bad code of the clients.

I.e. the sandbox server shall execute the program of the
client in a controlled manner by ensuring that the client program
does no harm to the server and also that the client program
does not get access to other areas and services of the system
beyond the sandbox. And that the client does not use all the
disc space, ram, file handles, CPU priority, network bandwidth etc.

Performance is important. The client wants to run his number-crunching
program on the server because it is a much faster machine.

Is such a sandbox server feasible and if yes, what would one need
for developing such a safe&secure sandbox server?
Can this be realized in C/C++ or does one need also assembler programming,
if yes then how much % of the code would be needed to be done in assembler?
 
Walter Roberson

> How would one program a sandbox?
> Let's say the server and all clients have the same architecture,
> and environment (for example 32bit x86-Linux environment).
> The server shall offer sandbox services to clients.
> A remote client can get a sandbox (an empty directory space)
> on the server, upload his precompiled executable program,
> start it, and then disconnect.
> Is such a sandbox server feasible and if yes, what would one need
> for developing such a safe&secure sandbox server?
> Can this be realized in C/C++

The standard C library does not provide any network or security
services. What you are asking for cannot be done in portable C.
Possibly it could be done by using C plus some operating system
specific extensions; you would have to inquire about those extensions
in a newsgroup that deals with that specific operating system.

> or does one need also assembler programming,
> if yes then how much % of the code would be needed to be done in assembler?

We have no way of knowing here. It would depend upon what
system services the operating system and hardware together could
provide. There is no general reason why it would be impossible for
an operating system / hardware combination to provide all necessary
services and give a C-compatible interface to them, but whether or not
a particular system does so is not for us to say. You need to check
newsgroups or resources that are more specific.

The people in comp.security.misc might perhaps have some thoughts
on the overall sandbox scheme.
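
Added example, not part of either post: one way the resource caps from the question (file handles, memory, file size) can be imposed from C through the POSIX `setrlimit` interface on Linux, applied in a forked child before the client's code runs. The struct, function names and limit values are assumptions made for this sketch; directory confinement and network restrictions need other operating-system facilities and are not shown.

```c
/* Added example, not code from the thread. Linux/POSIX; all names are assumptions. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

struct sandbox_limits {            /* hypothetical per-client policy */
    rlim_t open_files;             /* RLIMIT_NOFILE: highest fd number + 1 */
    rlim_t address_space;          /* RLIMIT_AS: bytes of virtual memory */
    rlim_t file_bytes;             /* RLIMIT_FSIZE: largest file it may write */
};
static int cap(int resource, rlim_t v) {
    struct rlimit rl = { v, v };   /* soft == hard, so the job cannot raise it */
    return setrlimit(resource, &rl);
}
/* Fork, detach stdio, drop inherited descriptors, apply limits, run job().
   Returns the job's exit code, or -1 if it could not be run or was killed. */
int run_limited(const struct sandbox_limits *lim, int (*job)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int devnull = open("/dev/null", O_RDWR);
        if (devnull < 0) _exit(127);
        for (int fd = 0; fd < 3; fd++) dup2(devnull, fd);
        for (int fd = 3; fd < 1024; fd++) close(fd);  /* bounded for the example */
        if (cap(RLIMIT_NOFILE, lim->open_files) || cap(RLIMIT_AS, lim->address_space) ||
            cap(RLIMIT_FSIZE, lim->file_bytes))
            _exit(126);
        _exit(job());              /* a real server would chdir and execve here */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
/* Constructed stand-ins for client code that misbehaves. */
int greedy_open_job(void) {        /* opens files until refused; returns the count */
    int n = 0;
    while (n < 100 && open("/dev/null", O_RDONLY) >= 0) n++;
    return n;
}
int greedy_alloc_job(void) {       /* returns 1 if a 256 MiB request was refused */
    void *volatile p = malloc((size_t)256 << 20);
    return p == NULL;
}
int main(void) {
    struct sandbox_limits lim = { 8, (rlim_t)64 << 20, (rlim_t)1 << 20 };
    printf("opened %d files, big malloc refused: %d\n", run_limited(&lim, greedy_open_job), run_limited(&lim, greedy_alloc_job));
}
```

Because the limits are set in the child after `fork` and before the job starts, they are inherited by anything the job later spawns and cannot be raised again without privilege.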
 
