限制Java、C++、Python程序的权限。

huangapple go评论73阅读模式
英文:

restrict permissions on a java, c++, python program

问题

假设我必须在我的机器上运行Java、C++或Python 3.8程序,但我不希望这些程序访问我的系统信息,运行操作系统命令或执行任何恶意活动。针对这三种语言,是否有办法实现这一要求?

英文:

Suppose I have to run a java, c++, or python3.8 program on my machine, but I don't want these programs to access my system information, run os commands, or perform any malicious activity. Is there a way to do this for each of the aforementioned languages?

答案1

得分: 1

Java在理论上对此有解决方案:'SecurityManager'。您可以在您的Java代码中设置一个(您可以告诉系统:这是一些代码;请将其作为管理器加载)。

安全管理器会在某些事件发生之前被调用,并且可以拒绝操作。主要涉及任何涉及安全性的操作:

  • 退出虚拟机
  • 打开任何文件
  • 打开任何网络连接
  • 设置安全管理器
  • 访问剪贴板
  • 打印内容
  • 可以影响某些线程加载的方面

您会告诉Java运行您编写的某个类文件,该类文件会设置一个安全管理器,然后运行您想要限制的应用程序。

请注意,您不能通过SecurityManager实际限制应用程序使用多少内存和/或CPU,这本身可能是一个相当大的问题。

问题是,这种机制的主要用途是运行小程序,而小程序早已过时。因此,目前在Java生态系统中很少有人在使用这一特性,而且很少使用的黑名单样式机制通常会有漏洞。

我强烈建议您为此设置一个虚拟机。基于虚拟化监视器的限制也存在泄漏问题,但是“在虚拟机中托管内容并确保其不能对基础机器执行操作”的做法更加常见。

英文:

Java theoretically has a solution for this: The 'SecurityManager'. You can set one up within your java code (you can tell the system: Here is some code; load it as the manager please).

A securitymanager gets called before certain things happen and can deny the operation. It's mostly anything that feels security sensitive:

  • Quitting the VM
  • Opening any file
  • Opening any network connection
  • Setting the security manager
  • accessing clipboards
  • Printing things
  • Can influence certain aspects of thread loading

You'd tell java to run some class file that you wrote, that class file sets up a security manager, and will then run the application you want to restrict.

Note that you can't really restrict how much memory and/or CPU it uses with a SecurityManager, which can be quite an issue by itself.

The problem is, the primary use case for this mechanism is to run applets, and applets are long dead. Thus, it's a feature that few people in the java ecosystem are currently using, and little-used blacklist-style mechanisms are usually riddled with holes.

I'd strongly suggest you set up a virtual machine for this purpose. There are leaks in hypervisor based restrictions too, but 'host things in a VM and ensure it cant do things to the underlying machine' is a lot more common.

huangapple
  • 本文由 发表于 2020年8月17日 08:58:17
  • 转载请务必保留本文链接:https://go.coder-hub.com/63443329.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定