如何限制程序的文件权限 [英] How to limit file permissions of a program
问题描述
我有一个问题:为了保证服务器的安全,我必须让程序不是有权读取或写入任何文件
该程序是另一个用户通过在线评审系统提交的内容。它不是服务器程序本身。
在线评审系统的用户提交他们的源代码,然后服务器程序编译并运行它。所以服务器程序必须保证服务器的安全。
我的平台是Windows,我使用C ++进行编程。
<有人可以给我一些建议吗?
解决方案
你不能轻易地阻止一个程序本身做什么,这是不可能的该程序是非恶意的。
你可以做什么:作为一个用户有限(接近非)的访问权限运行该程序。您的服务器程序需要成为该用户并执行已编译的程序。您可能还想使用该用户帐户来实际编译程序(不太可能的情况下,有人知道如何利用您的编译器)。
执行程序作为不同的用户是: runas 。
I am a student that wants to design an online judge system.
I have a problem: In order to keep the server safe, I must make the program not have rights to read or write any files The program is what another user submits through the online judge system. It isn't the sever program itself.
The users of the online judge system submit their source code, then the server program compiles and runs it. So the server program must keep the server safe.
My platform is Windows, I use C++ for my programming.
Can anyone give me some suggestions?
You cannot easily prevent what a program itself does and it is not possible to verify that the program is non-malevolent.
What you can do: Run the program as a user with limited (close to non) access-rights. Your server program needs to become that user and execute the program it has compiled. You possibly want to also use that user-account to actually compile the program (in the unlikely case someone knows how to exploit your compiler).
The windows command to execute a program as a different user is: runas.
这篇关于如何限制程序的文件权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
