Home Explore Help
Sign In
txlyre
/
avram
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c161b2cdd5
Branches Tags
avram
/
doc
/
avram.html
/
Security.html

Security.html 4.6 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. <html lang="en">
    2. 

  2. <head>
    3. 

  3. <title>Security - avram - a virtual machine code interpreter</title>
    4. 

  4. <meta http-equiv="Content-Type" content="text/html">
    5. 

  5. <meta name="description" content="avram - a virtual machine code interpreter">
    6. 

  6. <meta name="generator" content="makeinfo 4.13">
    7. 

  7. <link title="Top" rel="start" href="index.html#Top">
    8. 

  8. <link rel="up" href="User-Manual.html#User-Manual" title="User Manual">
    9. 

  9. <link rel="prev" href="Diagnostics.html#Diagnostics" title="Diagnostics">
    10. 

  10. <link rel="next" href="Example-Script.html#Example-Script" title="Example Script">
    11. 

  11. <link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
    12. 

  12. <meta http-equiv="Content-Style-Type" content="text/css">
    13. 

  13. <style type="text/css"><!--
    14. 

  14.   pre.display { font-family:inherit }
    15. 

  15.   pre.format  { font-family:inherit }
    16. 

  16.   pre.smalldisplay { font-family:inherit; font-size:smaller }
    17. 

  17.   pre.smallformat  { font-family:inherit; font-size:smaller }
    18. 

  18.   pre.smallexample { font-size:smaller }
    19. 

  19.   pre.smalllisp    { font-size:smaller }
    20. 

  20.   span.sc    { font-variant:small-caps }
    21. 

  21.   span.roman { font-family:serif; font-weight:normal; } 
    22. 

  22.   span.sansserif { font-family:sans-serif; font-weight:normal; } 
    23. 

  23. --></style>
    24. 

  24. </head>
    25. 

  25. <body>
    26. 

  26. <div class="node">
    27. 

  27. <a name="Security"></a>
    28. 

  28. <p>
    29. 

  29. Next:&nbsp;<a rel="next" accesskey="n" href="Example-Script.html#Example-Script">Example Script</a>,
    30. 

  30. Previous:&nbsp;<a rel="previous" accesskey="p" href="Diagnostics.html#Diagnostics">Diagnostics</a>,
    31. 

  31. Up:&nbsp;<a rel="up" accesskey="u" href="User-Manual.html#User-Manual">User Manual</a>
    32. 

  32. <hr>
    33. 

  33. </div>
    34. 

  34. 

  35. <h3 class="section">1.7 Security</h3>
    36. 

  36. 

  37. <p><a name="index-security-115"></a>A few obvious security considerations are relevant to running untrusted
    38. 

  38. virtual code applications. These points are only as reliable as the
    39. 

  39. assumption that the <code>avram</code> executable has not been modified to the
    40. 

  40. contrary.
    41. 

  41. 

  42.      
    43. 

  43. <a name="index-filter-mode-116"></a>
    44. 

  44. <ul><li>The applications with the best protection from malicious code are
    45. 

  45. those that run in filter mode, because they have no access to any
    46. 

  46. information not presented to them in standard input, nor the ability to
    47. 

  47. affect anything other than the contents of standard output (provided that
    48. 

  48. the <code>--jail</code> command line option is used). The worst
    49. 

  49. they can do is use up a lot of memory, which can be prevented with the
    50. 

  50. <samp><span class="command">ulimit</span></samp> command. Unfortunately, not all applications are usable
    51. 

  51. in this mode. 
    52. 

  52. <li>Parameter mode applications that do not involve the <samp><span class="option">-i</span></samp>,
    53. 

  53. <a name="index-parameter-mode-117"></a><a name="index-standard-input-118"></a><samp><span class="option">-t</span></samp> or <samp><span class="option">-s</span></samp> options are almost as safe (also assuming
    54. 

  54. <code>--jail</code>). They have (read-only) access to environment variables, and to the files that are
    55. 

  55. indicated explicitly on the command line. If standard input is one of
    56. 

  56. the files (as indicated by the use of <code>-</code> as a parameter), the
    57. 

  57. virtual code application may infer the current date and time.  However,
    58. 

  58. a parameter mode application may write any file that the user has
    59. 

  59. permission to write. The <samp><span class="option">--ask-to-overwrite</span></samp> option should be
    60. 

  60. used for better security, or at least the <samp><span class="option">--quiet</span></samp> option should
    61. 

  61. not be used.  The virtual code can neither override nor detect the use
    62. 

  62. of these options. 
    63. 

  63. <li>Interactive parameter mode applications (those that use either the
    64. 

  64. <a name="index-interactive-applications-119"></a><samp><span class="option">-i</span></samp>, <samp><span class="option">-t</span></samp> or <samp><span class="option">-s</span></samp> options) are the least secure
    65. 

  65. because they can execute arbitrary shell commands on behalf of the
    66. 

  66. user. This statement also applies to filter mode and parameter mode
    67. 

  67. applications where the <samp><span class="option">--jail</span></samp> option is not used.  Use of
    68. 

  68. <samp><span class="option">--step</span></samp> is preferable to <samp><span class="option">-i</span></samp> for making an audit
    69. 

  69. trail of all commands executed, but the application could probably
    70. 

  70. subvert it. The <samp><span class="option">--step</span></samp> option may be slightly better because
    71. 

  71. it can allow the user to inspect each command and interrupt it if
    72. 

  72. appropriate. However, in most cases a command will not be displayed
    73. 

  73. until it is already executed. Commands executed by non-interactive
    74. 

  74. applications normally will display no output to that effect. A
    75. 

  75. <samp><span class="command">chroot</span></samp> environment may be the only secure way of running
    76. 

  76. untrusted interactive applications. 
    77. 

  77. </ul>
    78. 

  78. 

  79.    </body></html>
    80. 

  80.