
c / c++ disable access to files

Developer https://www.devze.com 2023-01-18 11:42 Source: Internet

Is it possible to disable access of some program to files completely? Because I don't want it to have any kind of access to files on system, is it possible to compile it so it doesn't have access to file stream or to run it some way it can't access files?


The closest you'd be able to come to that is to run your program in a chroot jail.


In an unmanaged environment, code cannot tell itself not to do something it shouldn't. CAS is part of managed environments only, where the runtime provides an extra level of access control. It's up to the OS to prevent applications from doing things that the user they are running on behalf of cannot do. You should be able to run the application as if you were a different, more limited user; then, you could limit the user's access rights to the resource and the OS will prevent the code from accessing it.


In Linux, you can change the owner of the process to nobody. This is no big security increase, as nobody still can access files etc. but it's better than running as a local user or root:

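      #include <pwd.h>
      #include <stdio.h>
      #include <unistd.h>
      /* Drop the group before the user: once setuid() gives up root, setgid() would fail. */
      int drop_to_nobody(void) {
         struct passwd *pw = getpwnam("nobody");
         if (!pw) {
            printf("Error: Unable to look up info about user nobody\n");
            return -1;
         }
         if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
            return -1;   /* privileges were not dropped; the caller must not continue */
         return 0;
      }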
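The chroot jail suggested earlier on this page and the drop to nobody shown here combine into one step, sketched below as an added example that is not from any of the answers: the process is confined to an empty directory, gives up root so it cannot leave the jail again, and then checks that a file outside is unreachable. The names `enter_jail` and `jail_selftest`, the `/tmp/jailXXXXXX` directory and the fallback id 65534 are assumptions made for the example, and the chroot call only succeeds when run as root.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Confine the calling process to `dir` and give up root. 0 on success, -1 on error. */
static int enter_jail(const char *dir, uid_t uid, gid_t gid) {
    if (chroot(dir) != 0) return -1;        /* needs root (CAP_SYS_CHROOT) */
    if (chdir("/") != 0) return -1;         /* otherwise the cwd still points outside the jail */
    if (setgroups(0, NULL) != 0) return -1; /* drop supplementary groups */
    if (setgid(gid) != 0) return -1;        /* group before user: setgid fails once root is gone */
    if (setuid(uid) != 0) return -1;        /* a process that stays root can leave a chroot */
    if (setuid(0) == 0) return -1;          /* regaining root must be impossible */
    return 0;
}

/* Runs the jail in a child process and reports what the child saw:
 * 0 = jailed and /etc/passwd is unreachable,
 * 1 = jailed but the file could still be opened,
 * 2 = the jail could not be set up (typically: not running as root). */
int jail_selftest(void) {
    char dir[] = "/tmp/jailXXXXXX";         /* constructed, empty jail directory */
    if (!mkdtemp(dir)) return 2;
    /* Look up nobody before chroot: /etc/passwd is not visible afterwards. */
    struct passwd *pw = getpwnam("nobody");
    uid_t uid = pw ? pw->pw_uid : 65534;    /* 65534: assumed fallback id */
    gid_t gid = pw ? pw->pw_gid : 65534;
    pid_t pid = fork();
    if (pid < 0) { rmdir(dir); return 2; }
    if (pid == 0) {
        if (enter_jail(dir, uid, gid) != 0) _exit(2);
        _exit(open("/etc/passwd", O_RDONLY) < 0 ? 0 : 1);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    rmdir(dir);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 2;
}

int main(void) { return jail_selftest(); }
```

File descriptors that are already open when the jail is entered stay usable, so close anything the program should not keep before calling `enter_jail`.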


In theory you can direct the linker not to link fopen and so on. You'll probably have to use static linkage.


But, often, when you come to a requirement like this you're approaching the problem from the wrong direction. What is it you are trying to achieve with this hack? Why do you want this?


Under Windows, you can start the process under a restricted token.

This requires more than just a basic knowledge of Windows API, but it's possible.
