[LLVMdev] Sandboxing code
John Criswell
criswell at uiuc.edu
Fri Nov 6 12:48:30 PST 2009
Péter Szilágyi wrote:
> Hello,
>
> I'm absolutely 101% new to LLVM so please bear with me :).
>
> I'm trying to explore what LLVM can and cannot be used for. One
> thing I was wondering, whether it would be possible to execute an LLVM
> code in a completely sandboxed environment? By sandboxed I mean that
> the executed code should not have direct access to any system
> resources (i.e. hard drive, networking, devices), only through some
> specific API that I would provide. The idea is to be able to execute a
> random LLVM code from the internet in a completely safe way (provided
> that the specific code adheres to my libs in the first place...
> otherwise it shouldn't even compile).
>
The short answer is that you could build a system like this using LLVM;
you could build it more quickly using the SAFECode compiler (which is
built on LLVM and will be released as soon as we can get the legal
paperwork done). However, you will need to add functionality to the
LLVM/SAFECode system in order to be able to do the sandboxing. LLVM
does not provide this functionality at present.
The long answer:
1) You can build the program analysis and transformation passes needed
to do this as a set of LLVM passes.
2) SAFECode provides control-flow integrity as one of its memory safety
properties. It ensures that the return address of a function won't be
overwritten, and it instruments indirect function calls with run-time
checks to ensure that they call valid functions.
3) You could enhance the instrumentation on indirect function calls to
ensure that they don't call system calls or other functions which you
consider "dangerous."
4) You can combine this with operating system techniques (e.g., chroot
jails, private name spaces (Linux/Plan 9 only), SELinux, etc.) to limit
access to operating system resources. Depending on how you want to
sandbox the code, using OS isolation techniques and/or virtual machines
(e.g., VMWare, Xen) may be more straightforward and easier to implement.
-- John T.
> Thanks,
> Peter
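An added example, not code from this thread, from LLVM or from SAFECode: the run-time check on indirect calls that items 2 and 3 of the reply describe, written as the C that an instrumentation pass would effectively insert. The allow-list, the API stand-ins and the names is_allowed_target and checked_indirect_call are all assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: the check a pass would insert before every indirect
 * call so that only functions in a sandbox-approved table are reachable
 * through a function pointer. Anything else fails closed. */

typedef int (*sandbox_fn)(const char *);

/* The sandbox's own API (stand-ins; the real API is whatever the host exposes). */
static int api_log(const char *msg)  { return (int)strlen(msg); }
static int api_echo(const char *msg) { return (int)strlen(msg) * 2; }

/* A host function the sandboxed code must never reach, even via a forged pointer. */
static int host_shell(const char *cmd) { (void)cmd; return -1; }

/* Table of call targets the sandbox permits. */
static const sandbox_fn allowed_targets[] = { api_log, api_echo };

/* The check itself: is 'target' one of the approved functions? */
int is_allowed_target(sandbox_fn target)
{
    size_t n = sizeof allowed_targets / sizeof allowed_targets[0];
    for (size_t i = 0; i < n; i++)
        if (allowed_targets[i] == target)
            return 1;
    return 0;
}

/* What an instrumented 'target(arg)' expands to: on a disallowed target the
 * call is suppressed, *blocked is set and a sentinel is returned. */
int checked_indirect_call(sandbox_fn target, const char *arg, int *blocked)
{
    if (!is_allowed_target(target)) {
        *blocked = 1;
        fprintf(stderr, "sandbox: blocked indirect call to a non-API function\n");
        return -1;
    }
    *blocked = 0;
    return target(arg);
}

int main(void)
{
    int blocked;
    /* Legitimate use: untrusted code calls the provided API through a pointer. */
    printf("api_log    -> %d\n", checked_indirect_call(api_log, "hello", &blocked));
    /* Attempted escape: the pointer names a host function outside the table. */
    printf("host_shell -> %d (blocked=%d)\n",
           checked_indirect_call(host_shell, "any-command", &blocked), blocked);
    return 0;
}
```

The same table-lookup shape is what a compiler pass would emit at each indirect call site; the table would be populated from the functions the sandbox API actually exports.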