在Linux上运行可执行文件最安全的方法是什么? [英] What is the safest way to run an executable on Linux?
问题描述
我试图运行一个从未知来源的C代码编译的程序。我想确保该程序无论如何不会伤害我的系统。例如,程序可能有如源代码中的 system(rm -rf /)
,这是不可检测的,除非代码被彻底检查。 / p>
我想到了以下两种方式:
- 在linux上构建一个Windows EXE文件并在wine上运行
这两种解决方案都不是很优雅的解决方案我不能自动化他们。而且,如果是1,它可能会损害虚拟机。
任何帮助将不胜感激。
我想在我们可以称之为沙箱的地方运行程序。
Geordi 使用chroot和syscalls截取的组合来编译然后沙盒中的任意代码。
I am trying to run a program compiled from C code from an unknown source. I want to make sure that the program does not harm my system in anyway. Like for instance, the program might have soemthing like system("rm -rf /")
in the source, which is un-detectable, unless the code is thoroughly examined.
I thought of the following 2 ways
- Run it inside a VM like VMWare
- Build a windows exe on linux and run on wine
Both are not very elegant solutions and I cannot automate them. and also, in case of 1, it can harm the VM.
Any help would be appreciated.
I want to run the program in what we can call a "sandbox".
Geordi uses a combination of chroot and interception of syscalls to compile and then sandbox arbitrary code.
这篇关于在Linux上运行可执行文件最安全的方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!