How to create a lightweight C code sandbox?

天涯浪人 2020-11-29 19:43

I'd like to build a C pre-processor / compiler that allows functions to be collected from local and online sources, i.e.:

#fetch MP3FileBuilder http://scripts         
13 answers
  •  無奈伤痛
    2020-11-29 20:07

    This isn't trivial, but it's not that hard.

    You can run binary code in a sandbox. Every operating system does this all day long.

    They're going to have to use your standard library (vs a generic C lib). Your standard library will enforce whatever controls you want to impose.

    Next, you'll want to ensure that they can not create "runnable code" at run time. That is, the stack isn't executable, they can't allocate any memory that's executable, etc. That means that only the code generated by the compiler (YOUR compiler) will be executable.

    If your compiler signs its executable cryptographically, your runtime will be able to detect tampered binaries, and simply not load them. This prevents them from "poking" things into the binaries that you simply don't want them to have.

    With a controlled compiler generating "safe" code, and a controlled system library, that should give a reasonably controlled sandbox, even with actual machine language code.

    Want to impose memory limits? Put a check into malloc. Want to restrict how much stack is allocated? Limit the stack segment.

    Operating systems create these kinds of constrained environments using their Virtual Memory managers all day long, so you can readily do these things on modern OSes.

    Whether the effort to do this is worthwhile vs using an off the shelf Virtual Machine and byte code runtime, I can't say.
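An illustration of the "put a check into malloc" point from the answer above, added here as example code and not taken from the question or the answer: a quota-enforcing allocator that a controlled sandbox standard library could expose instead of the system malloc. `SANDBOX_HEAP_LIMIT`, the `sandbox_*` names and the header layout are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-program heap quota (bytes held at once). */
#define SANDBOX_HEAP_LIMIT ((size_t)64 * 1024)

/* Bytes currently handed out to the sandboxed program. */
static size_t sandbox_in_use = 0;

/* Bookkeeping stored in front of each block; the union keeps the
 * user pointer aligned like the system allocator would. */
union sandbox_hdr { size_t size; max_align_t align; };

void *sandbox_malloc(size_t n)
{
    /* Refuse sizes that would overflow the header arithmetic. */
    if (n > SIZE_MAX - sizeof(union sandbox_hdr))
        return NULL;
    /* Refuse requests that would push the program past its quota. */
    if (n > SANDBOX_HEAP_LIMIT || sandbox_in_use + n > SANDBOX_HEAP_LIMIT)
        return NULL;

    union sandbox_hdr *h = malloc(sizeof *h + n);
    if (h == NULL)
        return NULL;
    h->size = n;
    sandbox_in_use += n;
    return h + 1;                       /* hand back the bytes after the header */
}

void sandbox_free(void *p)
{
    if (p == NULL)
        return;
    union sandbox_hdr *h = (union sandbox_hdr *)p - 1;
    sandbox_in_use -= h->size;          /* return the bytes to the quota */
    memset(h, 0, sizeof *h + h->size);  /* scrub contents before release */
    free(h);
}

/* Lets the runtime (or a test) inspect the current accounting. */
size_t sandbox_bytes_in_use(void)
{
    return sandbox_in_use;
}
```

The same wrapper is where a runtime would also count allocations or log refusals, so that a program hitting the quota is visible rather than silently starved.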
