GCC how to block system calls within a program?


Problem description


Does anyone tell me how to block some specific system calls within a program, please? I am building a system which takes a piece of C source code, compiles it with gcc and runs it. For security reasons, I need to prevent the compiled program from calling some system calls. Is there any way to do it, from the source code level (e.g. stripping the header files of gcc, detecting malicious external calls, ...) to the executable level?


Edited #1: Add details about malicious calls.


Edited #2: My system is a GNU/Linux one.

Edited #3:


I have tried some methods within a few days and here are the conclusions I've got so far:


  1. Scanning the source code does not solve the main problem, because one can always obfuscate his/her C source file quite well.

  2. Overriding C symbols works well for libraries, but for system calls I have not yet achieved what I wanted. The idea is not dead, but doing so would certainly cost me a lot of time modifying (gcc and/or ld).

  3. Privilege de-escalation works like a charm. I can do it with fakeroot or a guest user. This method is also the easiest to implement.


The other one is Native Client, which I have not tried yet but definitely will in the near future, due to what the project and my work have in common.

Recommended answer


As others have noted, it's impossible for a program to avoid making system calls; they permeate the C library all over the place.


However you might be able to make some headway with careful use of the LD_PRELOAD mechanism, if your platform supports it (e.g. Linux): you write a shared library with the same symbol names as those in the C library, which are called instead of the intended libc functions. (For example, Electric Fence is built as a shared library on Debian-based systems and intercepts calls to malloc, free et al.)


I suspect you could use this mechanism to trap or argument-check calls to any libc functions you don't like, and perhaps to note those which you consider unconditionally safe. It might then be reasonable to scan the compiled executable for the code corresponding to INT 80 to trap out any attempts to make raw syscalls (0xcd 0x80 - though beware of false positives). However I have only given this a few moments of thought; I could easily have missed something, or this might turn out to be impractical...
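The LD_PRELOAD interposition the answer describes, written out as an added example (this is not code from the original post, and the allowlist, the file name and the choice to wrap execve and system are assumptions made for the example). Built as a shared object on a glibc/Linux system and loaded with LD_PRELOAD, it takes precedence over libc's own definitions of these two symbols:

```c
/* guard.c: LD_PRELOAD interposer that argument-checks the exec path. Added example; the policy is hypothetical.
 * Build:  gcc -shared -fPIC -o libguard.so guard.c
 * Run:    LD_PRELOAD=./libguard.so ./untrusted_program */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Hypothetical allowlist of programs the sandboxed code may exec; everything else is refused. */
static const char *const kExecAllow[] = { "/usr/bin/cat", "/usr/bin/wc", NULL };

/* Returns 1 if path is on the allowlist, 0 otherwise (NULL is never allowed). */
int exec_allowed(const char *path) {
    if (path == NULL) return 0;
    for (size_t i = 0; kExecAllow[i] != NULL; i++)
        if (strcmp(path, kExecAllow[i]) == 0) return 1;
    return 0;
}

/* Same name and signature as libc's execve, so the dynamic linker resolves calls to this copy first.
 * The allowed case enters the kernel through syscall(2) rather than dlsym(RTLD_NEXT), so the library
 * needs no libdl and does not depend on which copy of execve comes next in the lookup order. */
int execve(const char *path, char *const argv[], char *const envp[]) {
    if (!exec_allowed(path)) {
        errno = EPERM;          /* refused: the caller sees the usual -1/errno failure */
        return -1;
    }
    return (int)syscall(SYS_execve, path, argv, envp);
}

/* system(3) always runs /bin/sh, which is not on the allowlist, so refuse it outright. */
int system(const char *command) {
    (void)command;
    errno = EPERM;
    return -1;
}
```

Two caveats the practitioner should keep in mind: glibc's own wrappers such as execl and execvp call an internal alias of execve rather than the public symbol, so every public entry point that matters has to be wrapped individually; and a program that calls syscall(2) directly, or inlines the instruction, never touches this library at all, which is exactly the gap the opcode scan below is meant to cover. Neither mechanism helps against a statically linked binary.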
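The opcode scan the answer proposes, as an added example (not part of the original post). The answer's own idea, scanning the whole file for 0xcd 0x80, is kept as count_syscall_opcodes, and the false-positive problem it warns about is narrowed by a second function that parses the ELF64 section headers and inspects only sections flagged executable. The constructed sample image, the three opcode patterns and all function names are assumptions for the example:

```c
/* scan_syscalls.c: find raw kernel-entry instructions in an x86-64 ELF. Added example code. */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Two-byte encodings of the x86 kernel-entry instructions. */
static const uint8_t kSyscallOps[][2] = {
    { 0xcd, 0x80 },   /* int 0x80 (legacy 32-bit ABI, still reachable from 64-bit code) */
    { 0x0f, 0x05 },   /* syscall  (x86-64 ABI) */
    { 0x0f, 0x34 },   /* sysenter */
};

/* Naive scan: count every two-byte match in buf. Run over a whole file this is what the answer
 * proposes, and it also fires on immediates, addresses and data that happen to contain these bytes. */
size_t count_syscall_opcodes(const uint8_t *buf, size_t len) {
    size_t hits = 0;
    for (size_t i = 0; i + 1 < len; i++)
        for (size_t k = 0; k < sizeof kSyscallOps / sizeof kSyscallOps[0]; k++)
            if (buf[i] == kSyscallOps[k][0] && buf[i + 1] == kSyscallOps[k][1]) hits++;
    return hits;
}

/* ELF-aware scan over an in-memory image: only SHF_EXECINSTR sections are inspected. Returns the hit
 * count, or -1 if the image is not a well-formed x86-64 ELF64. memcpy is used because the image
 * buffer need not be aligned for the ELF structs, and every offset is bounds-checked against len. */
long count_syscall_opcodes_elf64(const uint8_t *img, size_t len) {
    Elf64_Ehdr eh;
    if (len < sizeof eh || memcmp(img, ELFMAG, SELFMAG) != 0 || img[EI_CLASS] != ELFCLASS64) return -1;
    memcpy(&eh, img, sizeof eh);
    if (eh.e_machine != EM_X86_64 || eh.e_shentsize != sizeof(Elf64_Shdr)) return -1;
    if (eh.e_shoff > len || eh.e_shnum > (len - eh.e_shoff) / sizeof(Elf64_Shdr)) return -1;
    long hits = 0;
    for (size_t i = 0; i < eh.e_shnum; i++) {
        Elf64_Shdr sh;
        memcpy(&sh, img + eh.e_shoff + i * sizeof sh, sizeof sh);
        if (!(sh.sh_flags & SHF_EXECINSTR) || sh.sh_type == SHT_NOBITS) continue;
        if (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset) return -1;   /* truncated section */
        hits += (long)count_syscall_opcodes(img + sh.sh_offset, sh.sh_size);
    }
    return hits;
}

/* Constructed sample: a minimal ELF64 whose executable .text holds "syscall" and "int 0x80" and whose
 * non-executable .rodata also holds the bytes cd 80. No string table is emitted, which is enough for
 * this scanner but not for a real loader. Returns bytes written, or 0 if cap is too small. */
size_t build_sample_elf64(uint8_t *out, size_t cap) {
    static const uint8_t text[8]   = { 0x0f, 0x05, 0x90, 0xcd, 0x80, 0xc3, 0x90, 0x90 };
    static const uint8_t rodata[4] = { 0xcd, 0x80, 0x00, 0x00 };
    const size_t text_off = sizeof(Elf64_Ehdr), rodata_off = text_off + sizeof text,
                 sh_off = rodata_off + sizeof rodata, total = sh_off + 3 * sizeof(Elf64_Shdr);
    if (cap < total) return 0;
    memset(out, 0, total);
    Elf64_Ehdr eh;
    memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB; eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_EXEC; eh.e_machine = EM_X86_64; eh.e_version = EV_CURRENT;
    eh.e_ehsize = sizeof eh; eh.e_shoff = sh_off; eh.e_shentsize = sizeof(Elf64_Shdr); eh.e_shnum = 3;
    Elf64_Shdr sh[3];
    memset(sh, 0, sizeof sh);                       /* sh[0] stays the mandatory null section */
    sh[1].sh_type = SHT_PROGBITS; sh[1].sh_flags = SHF_ALLOC | SHF_EXECINSTR;
    sh[1].sh_offset = text_off;   sh[1].sh_size = sizeof text;
    sh[2].sh_type = SHT_PROGBITS; sh[2].sh_flags = SHF_ALLOC;
    sh[2].sh_offset = rodata_off; sh[2].sh_size = sizeof rodata;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + text_off, text, sizeof text);
    memcpy(out + rodata_off, rodata, sizeof rodata);
    memcpy(out + sh_off, sh, sizeof sh);
    return total;
}

/* Usage: scan_syscalls <elf-file>; with no argument the constructed sample is scanned instead. */
int main(int argc, char **argv) {
    uint8_t *img; size_t len;
    if (argc > 1) {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        fseek(f, 0, SEEK_END); long sz = ftell(f); rewind(f);
        if (sz < 0 || !(img = malloc((size_t)sz))) { fclose(f); return 1; }
        len = fread(img, 1, (size_t)sz, f); fclose(f);
    } else {
        static uint8_t sample[512];
        len = build_sample_elf64(sample, sizeof sample); img = sample;
    }
    printf("whole file: %zu matches, executable sections only: %ld\n",
           count_syscall_opcodes(img, len), count_syscall_opcodes_elf64(img, len));
    return 0;
}
```

On the constructed sample the whole-file scan reports three matches while the section-aware scan reports the two that actually sit in .text. Even the narrowed scan remains a heuristic: it cannot tell an instruction from a two-byte immediate inside a longer instruction, and a program can assemble the opcode at run time in a mapped writable-executable page, so the check is best treated as a cheap pre-filter in front of a real kernel-enforced sandbox rather than as the enforcement itself.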

