I'm writing a kind of a generic contester system for ACM solutions (like TopCoder, Timus and others). When user sends his solution using web-service, i need to run/compile it. And i want to set restrictions to it in order to run them safe (no access to outer files, no ability to get system time, cannot change working directory etc)
There're two kinds of user solutions:
solutions, that can be compiled (aka c/c++/pascal), also jit-ed and bytecode solution (c#, java)
interpreted solutions (lisp/ruby/python/php)
Contester system is written in C# for .NET 3.5. Contester can run in Linux on Mono and in Windows on .NET.
What's the best way to do it? If there's ability to restrict compiled solutions (using PermissionAttributes), but i have no idea how to restrict interpreted solutions.
Easiest (seeing you probably need full trust) is to run under a very limited user account. IIRC the guest account cannot be used for this.
Edit:
A clean VM might ideal.
Related
I am trying to follow this tutorial:
https://codingvision.net/security/c-inject-a-dll-into-a-process-w-createremotethread
but kernel32.dll and its functions can only be used on windows.
What can I use instead to inject dlls on mac?
If you are injecting kernel32 then it means that you are actually injecting a native library designed for Windows. There is no 1-to-1 alternative apart from possibly ones within libraries like WINE, but avoid such hacks.
Instead consider finding an alternative in the API of the actual system. You should find the respective method in the API of the system which you are currently running and conditionally execute different calls.
Yet be sure to know that the best approach would bo to AVOID using direct system calls and operate only within .NET, especially that if you find a way to execute required things only using .NET libraries then there is a high chance of migration to .NET Core which is designed to work on all three major systems without a problem (especially for web and console applications).
So to sum up:
there is no kernel32.dll for MacOS
you need to find a respective function in the API of MacOS which will do the same as the method which you have called from Kernel32
the best thing is to avoid usage of Kernel32 and try to find a respective call within .NET libraries
Once upon a time you could simply use the Mach call task_for_pid() but that stopped working years ago when Apple first started paying attention to security. Then for a few years you could still force the dynamic linker to load a .dylib into an executable when it launched by setting some environment variables, but then Apple put a stop to that too, as they continued to crack down on security holes.
For the most part you can't do this anymore, or at least not easily. Especially with things like System Integrity Protection enabled. (I mean you could still create a kernel extension and do it there, except Apple now requires that all kernel extensions be signed with a special entitlement and they're pretty much not giving out that entitlement anymore.)
Imagine I have a type of "virtual OS" framework in Unity which runs C# code that represent third-party apps the user can later launch. Would there be any way to secure that third-party code to not, say, read or write files to the local storage? A kind of sandboxed security model (maybe via each third-party app being a DLL which is given certain rights or so)?
If impossible to achieve programmatically, is there a way a project could be securely checked via a custom parser to disallow all file-access keywords ("may never include string 'IO'", with one being ok for false positives to be checked manually), or is that impossible to achieve too? Thanks!
I recently learned that AppDomain is not fully supported in .NET Core, and they have no plans so far of implementing full support.
What I am trying to do is to make a program that can run a plugin, but I don't want that plugin to be able to access certain assemblies or namespaces (for instance System.IO).
The way I used to solve this problem prior to .NET Core will no longer work due to the lack of support.
Is there any other way I can achieve the same in .NET Core?
More concrete example
Let's say I load an assembly using Assembly.LoadFrom from the file system, which contains a plugin method that I then invoke. But I don't want plugins to be able to erase files, etc. In fact, I only want the plugin to be able to call functions from a specific assembly.
Basically they want you to use the platform boundaries for the environment you are developing for.
Sandboxing
Why was it discontinued?
Sandboxing, i.e. relying on the runtime or the framework to constrain which resources a managed application can access, is considered a non-goal for .NET Core. Sandboxing applications and components is also really hard to get right, which is why generally recommend customers not to rely on it. It also makes the implementation more complicated and often negatively affects performance of applications that don’t use sandboxing. Hence, we do not offer sandboxing features in .NET Core.
What should I use instead?
Use operating system provided security boundaries, such as user accounts for running processes with the least set of privileges.
https://blogs.msdn.microsoft.com/dotnet/2016/02/10/porting-to-net-core/
Is There any way to do following in C#.NET or JAVA,
Get list of files from specific directory of Another pc having solaris OS and transfer file using SCP to another pc which have also solaris OS.
Actually i am thinking about creating front-end in asp.net to transfer backup from Live to backup server and get information about backup.
I even this is possible or not, but I wan't to clear my confusion on this.
Please give me your suggestion.
C# or any other .NET language is specific for Windows and won't run on anything but Windows. So forget about .NET languages. For this type of task I would definitely use Java if you insist on using a programming language at that level.
From Java you can use JSch library. It can do SCP from within Java. Here's is one example.
However I must say that most people that are familiar with Unix/Linux would probably simply do this task from within a scripting environment. Heck it can be done from Bash if you like.
Regardless of your choice of tool/prg.language you'll also have to decide if your doing PUSH or PULL. It seems from your posting that you are most keen on doing a PULL. There's no right or wrong answer on PUSH vs PULL.
I am working on a .NET app that will also run on iphone via monotouch and osx/linux via mono. The app will hold profiles for various users and the profile used for a particular session will be selected on startup, kind of like Skype.
To store per-user settings, I am considering using the Application Settings system that's part of .NET. However, this system seems to rely on reflection, which is not available on iphone. I am also not sure if this system will function on platforms other than Windows.
I could also use the app's sqlite database that stores the application data to store settings, and simply roll my own settings classes that would be serialized/deserialized to the sqlite database like all the other application data.
Finally I could roll my own file-based solution.
What are the tradeoffs for these approaches? Why does .NET have dedicated support for user settings? It seems like a quite simple thing that coders should do on their own, and the existence of dedicated support within the .NET framework makes me suspect that I'm missing some point of complexity.
Thanks!
First thought - don't use configuration settings, use the sqlite database as that is on the iPhone and the best approach to take. Remember MonoTouch just transliterates the .NET code to the Objective C equivalent code and compiled to native binary, and you may run into snags if you use Windows/Mono specific code that may not be present on the iPhone.
Avoid pinvokes like the plague if you want your code to work across all platforms.
.Net has support for user settings because Microsoft designed them that way.
Hope this helps,
Best regards,
Tom.