Posted by a on 01/19/06 18:39

>
> If your process contains arbitrary user-defined functionality, there's
> nothing you can do to define a sandbox for it. Arbitrary user-defined
> functionality may include switching to the superuser mode (e.g., su on
> Unix), which renders any sandbox meaningless.
>

I don't know how things work on Unix, but at least on Windows I think there
is a solution. Instead of calling exec to run the process that does the
actual work (P1), I create a thin executable (P2) that runs my process using
CreateProcessAsUser. This will run a process in the context of a specific
Windows user and which can be different from the user that is calling it.
Then in my php script I use exec to start P2, which will start P1 in a safe
context, assuming that the user in whose context is running has the
appropriate rights on the server.

I still have to try it, but it seems like a safe solution to me.

A

• Next in forum: Saving to a floppy?
• Prev in forum: How do you get variable to the other side of a script
• Thread view: Re: Security in an process started with exec

[Reply to this message]