
Compiling a program with limited library access

I want to compile a C program with gcc and glibc (or any other C library), but I want to limit the program's access to certain functions. For example, the program should not be compiled if it uses sockets or signal handling functions.

Any idea how I could do this?

By the way, I want to use this on a simple programming contest judge.

Thanks

Persiaware asked Mar 18 '23 11:03


1 Answer

You cannot reliably limit access to certain functions, because a motivated developer could always find a workaround. For example, he could use dlsym to find the address of some function at runtime, or use asm code invoking some syscalls (or use buffer overflow techniques), or assume a particular version of the libc binary and compute some function pointers (e.g. by offsetting the address of some legitimate libc function like printf with a built-in offset), or cast some literal string (containing suitable machine opcodes) to a function pointer, etc.

However, you might consider customizing the compiler (e.g. if compiling with a recent GCC, customize it with your MELT extension) to detect the common cases (but not all of them). This may mean weeks of work developing such compiler customization.

You might also link with your specially crafted libc, use LD_PRELOAD or ptrace, etc.

To forbid some behavior reliably, you should run inside some virtual container.

PS. Statically (soundly & reliably) detecting that some source code would never call a given set of functions is undecidable, since it is equivalent to the halting problem.

Basile Starynkevitch answered Mar 23 '23 01:03