[Nottingham] Read-only prefix command or command wrapper
Roger Light
roger at atchoo.org
Thu Sep 25 12:22:24 UTC 2008
On Wed, Sep 24, 2008 at 11:05:52PM +0100, Camilo Mesias wrote:
>
> Or you could write a custom library, loaded by LD_PRELOAD to
> intercept any 'open' system calls and make sure the flags don't
> allow writing. This approach works well if there are specific
> types of writing that you want to block, but it's harder to try
> and cover all possible writes.
For anyone that's interested, I knocked up a quick example of this
which is at http://atchoo.org/src/ro_wrap.tar
As Camilo says, it's actually hard to cover all the bases with this
approach. More to the point, it's hard to check whether you've
covered everything. Working at the filesystem level is a lot easier.
I'd forgotten that openat() exists, for example, and then there are
all of the open/open64 variations, and fcntl() can change the
read/write status of an fd and... In other words, don't use that
code ^ for anything and would this count instead?
rofs / /ro
chroot /ro /usr/bin/command
rofs is a read only fuse filesystem from
http://mattwork.potsdam.edu/projects/wiki/index.php/Rofs
Cheers,
Roger
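As an added illustration (not the ro_wrap code from the tarball above, which is not on this page), here is a minimal LD_PRELOAD shim in C of the kind Camilo describes: it refuses any open(), open64() or openat() whose flags permit creating, truncating or writing, failing with EROFS the way a read-only filesystem would. It hooks only those three entry points; fcntl() and every other write path are exactly the coverage gap the message warns about, which is why the FUSE/chroot route is the safer one.

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)   /* glibc's value, in case _GNU_SOURCE came too late */
#endif
#ifndef O_TMPFILE
#define O_TMPFILE 0                /* older headers: nothing extra to block */
#endif

/* Every flag that can create, truncate or write through the descriptor. */
static const int RO_WRAP_WRITE_FLAGS =
    O_WRONLY | O_RDWR | O_CREAT | O_TRUNC | O_APPEND | O_TMPFILE;

/* Returns 1 when these open flags must be refused under a read-only policy. */
int ro_wrap_blocks(int flags)
{
    return (flags & RO_WRAP_WRITE_FLAGS) != 0;
}

/* Hooked entry points: the shim refuses write-capable opens, otherwise forwards
 * to the real libc symbol found with RTLD_NEXT. No mode argument is ever needed,
 * because any O_CREAT/O_TMPFILE request has already been rejected. */
int open(const char *path, int flags, ...)
{
    if (ro_wrap_blocks(flags)) { errno = EROFS; return -1; }
    int (*real_open)(const char *, int, ...) =
        (int (*)(const char *, int, ...)) dlsym(RTLD_NEXT, "open");
    return real_open(path, flags);
}

#ifndef open64   /* some libcs alias open64 to open via a macro */
int open64(const char *path, int flags, ...)
{
    if (ro_wrap_blocks(flags)) { errno = EROFS; return -1; }
    int (*real_open64)(const char *, int, ...) =
        (int (*)(const char *, int, ...)) dlsym(RTLD_NEXT, "open64");
    return real_open64(path, flags);
}
#endif

int openat(int dirfd, const char *path, int flags, ...)
{
    if (ro_wrap_blocks(flags)) { errno = EROFS; return -1; }
    int (*real_openat)(int, const char *, int, ...) =
        (int (*)(int, const char *, int, ...)) dlsym(RTLD_NEXT, "openat");
    return real_openat(dirfd, path, flags);
}
/* Not hooked: fcntl(), creat(), mmap() with PROT_WRITE, rename(), unlink()... */
```

Build with `gcc -shared -fPIC -o ro_wrap.so ro_wrap.c` and run a program under `LD_PRELOAD=./ro_wrap.so`; statically linked binaries and direct syscalls bypass it entirely.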