Since Google NaCl is C++, will I be able to access the file system somehow? That's pretty much needed if I am to create a game or a desktop app.
Due to security restrictions, NaCl doesn't allow you to just open up any folder on the disk.
It does, however, grant the ability to access a sandboxed, obfuscated filesystem.
You can check out the PONG example in the latest SDK for examples of how to use the FileSystemAPI.
In addition, this page is a good starting point to understanding how the file system works:
https://developers.google.com/native-client/beta-docs/fileIO
~Main
Yes, but this access is supposedly secure and only able to access a sandboxed file system. Apparently you'll be able to do mmap calls, even. What could go wrong? :-)
Beyond any data files that come with the download, additional disk quota is an "app privilege" you have to "approve" when you install something. It can range from 0 to unlimited.
Related
I have developed a PHP application which serves as an online code compiler (in C, Java and Python) and hosted it on AWS Elastic Beanstalk. The user can type his code and submit to execute it. Then the server will return the output of the execution of his code.
When the user type my_app_url/some_dir, the website will raise 403 error. However, the user can still list all the files and directories from /var/www/html by writing some appropriate code. I know I can process the output of the code to hide them, but is there any better way to do it?
All directories and files are owned by root:root. The permission mode is 755 for directory and 644 for file. The PHP application is running as webapp.
Let me start by saying that it's not a good idea to allow people to run arbitrary code on your server instance. Depending on who has access to your service, and how well it is controller or monitored, you may run into all kinds of trouble (i.e. people sending spam, doing DOS attacks or hosting illegal stuff on your server), as they can run any kind of code on your machine.
Coming back to your question, you need to somehow make sure the code that is uploaded only does stuff that you allow. In Java you could use a custom security policy (see http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html), for example in order to disallow file access from the code. Additionally you'd need to set some limits on memory usage and run time, and kill any program that exceeds them. I'm not that familiar with C and Python, possibly there are similar mechanisms there to control what a process is doing. Platforms like TopCoder allow running your own code on their machines, implementing such a mechanism securely is however most certainly a very complex task.
I have a problem I can't seem to find the answer to, though I am sure it is out there. Is there a way I can disable registry and file access for a newly-created process? I am using Job objects ( http://msdn.microsoft.com/en-us/library/windows/desktop/ms682409(v=vs.85).aspx ) and it says to set the permissions for each new job process, and in a few books I have read that things such as registry and file access can be controlled.
While looking for my answer I saw that I needed to add LUIDs for things such as SE_BACKUP_NAME and such (or whatever it is called) but none of those privilege constants seem to reflect the kind of control I want.. So my exact question is: How would I go about disabling registry/file write access for a newly created process in a Job?
I am trying to create a sandboxed-application, btw. This is so I can prevent it from making any changes to the registry or writing any files while it runs.
Any help would be appreciated!
Windows accesses many resources during process startup, so if you successfully disabled access to the filesystem and registry the process wouldn't start.
Ideally, you'd want access to be restricted after process initialization was complete, but Windows doesn't have a mechanism to do this for arbitrary processes. The sandbox in the Chrome browser relies on the cooperation of the sandboxed process.
The documentation for the Chrome sandbox has a nice overview of the various security mechanisms available in Windows and explains how they are used in Chrome. It's a nice solution if you are trying to sandbox your own code.
I don't think you can disable access outright as many susbsystems rely on it (COM, the shell, some DLL initialisation, debugging, etc) An alternative would be to allow access, but to a limited sandbox which can be done with the integrity system. Setting it to low integrity will block most write access and is used by protected mode IE.
I have to upload my django project to a shared hosting provider.
How can I encrypt my code?
I want to hide my code on the server.
Thanks :)
You can't. You could upload .pyc files I suppose, but they are completely and utterly trivial to decompile.
Who are you trying to conceal it from? If it's other users on the shared system, then make sure you have directory permissions properly restricted to your user. If it's the shared hosting provider itself, then there's not much you can do since obfuscation won't buy you all that much; spend some time to find a reputable hosting provider you can trust.
If you really want to hide your code, you have to build custom python interpreter that uses different opcodes (in python bytecode). Then the server only has your hacked binary and pyc's that are not trivial to decode. You can add encryption on top of that, or at least sign your code so that your binary is not that easy to investigate.
Another possibility is to never have your code on disk, only keep it in RAM. You could start your server process via e.g. execnet.
We've just set up a new remote access solution using Microsoft's TS Gateway, which requires a couple of somewhat fiddly steps on the end users behalf in order to get it working (installing our root ca cert, requirement of RDP 6.1 client etc).
In order to make this setup process as easy as possible (a lot of these users aren't technically minded), I'm looking to create a program to perform all these tasks automatically. I have most of it working, however I'm not entirely sure how to go about importing the Root CA cert into the Windows certificate store.
Because this can potentially be run on a wide range of computers with varying levels of patches and updates, I'm steering well clear of .NET and anything that isn't native - the tool should 'just run' without the user having to install anything extra (well, I will say windows XP, no service packs, is the bare minimum required version of windows). In saying that, I don't mind using something third party if it can be bundled in with the tool, as long as it's not huge, and doesn't introduce any interactive steps. Ideally something in the windows API would be best, however I can't seem to track down anything relevant.
Currently the tool is a C++ application, so I don't mind if it's quite low level stuff.
First you need to open the root certificate store...
HCERTSTORE hRootCertStore = CertOpenSystemStore(NULL,"ROOT");
Then add the certificate using one of the CertAdd functions, such as CertAddEncodedCertificateToStore.
CertAddEncodedCertificateToStore(hRootCertStore,X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,pCertData,cbCertData,CERT_STORE_ADD_USE_EXISTING,NULL);
pCertData and cbCertData would likely point to the certificate data that you read from a file (not sure if the certificate will be in a file, or how you will include it in your application).
Then close the store with...
CertCloseStore(hRootCertStore,0);
NOTE: This code if run as the user, installs the certificate to the user's root store, not the computer's. It also results in a warning dialog that the user must understand and select "Yes" to authorize the import. If your setup program can run this code in a system account, the import will affect the computer's root store and not warning dialog will be shown.
Have you looked at CertAddEncodedCertificateToStore ?
you could also check out CertAddEncodedCertificateToSystemStore
We are running part of our app as a windows service and it needs to b able to access DSNs in order to import through ODBC. However there seem to be a lot of restrictions found through trial and error on what DSNs it can access. For example it seems that it cannot
1. access a system DSN unless the account that is running the service has admin privileges. (I get an Access Denied error, when trying to connect)
2. access a user DSN that was created by a different user (this one is understandable).
3. access a file DSN across the network
I've read that the purpose of a file DSN is to allow other computers to use it to connect, however i can't seem to make that work.
So does any know, or know where i can find out what all the rules and restrictions on accessing a DSN are when using a windows service.
thanks
This is somewhere between your #1 and #2: sometimes correct file permissions are also necessary. I once had troubles on a Vista machine connecting to a DB2 DSN because, for whatever reason (maybe to write out temp files; although I don't know why it would do such a thing in this location instead of a user-specific one), the driver needed write access to the directory where IBM had installed the client binaries and libs, which had been done by an Administrator and was in the root of the C drive.
I think you've already discovered the three main rules yourself. :-)
Except that you probably don't need admin privileges for your service account. IANANA (I am not a network administrator), but your service account probably just needs read access to one of the ODBC files or directories.
You cannot connect to mapped drives with a service. A mapped drive has to interact with memory called the desktop heap which tracks the icons on the desktop. Services do not have access to that memory. If you have to use a dsn create a systemdsn. better would be to use a connection string and store that in the app.config and use the encryption api to encrypt the user name and password.