How to create a lightweight C code sandbox?

Question

I\'d like to build a C pre-processor / compiler that allows functions to be collected from local and online sources. ie:

#fetch MP3FileBuilder http://scripts         


        

Answer 1

It is impossible to make a static code verifier that can determine that for all possible codes, that a set of code is safe or unsafe, if the language is Turing complete. It is equivalent to the halting problem.

Of course this point is moot if you have supervisor code running at a lower ring level or being an interpreted language (ie. emulating machine resources).

The best way to do this is to start the code in another process (ipc is not that bad), and trap system calls like Ptrace in linuxes http://linux.die.net/man/2/ptrace