Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
Welcome To Ask or Share your Answers For Others

Categories

I am writing something similar to the http://ideone.com/. Currently I am running user processes with CreateProcess call. I kill the process if it runs longer then specified amount of time but I don't know how to deny read/write filesystem rights / creating process rights etc. to the created process. The given executable can be literally anything and I need to allow only stdin / stdout. Also it would be great if I could set working memory set.

I read a lot of articles on msdn such as CreateProcessAsUser Function, CreateProcessWithLogonW Function etc. but I get confused very fast (probably because my win32 knowledge is extremely limited). Is it sufficient just to call CreateProcessAsUser and create special user with those limited privileges (and how to create such user).

I hope I can achieve this in one function call with right parameters so please help.

Also, if you know some similar open source project it would be great.

Thanks.

==========================================================

Edit: Hi again :) I am still stuck with this. I didn't have enough time to work on this, but I guess snemarch post is very useful. If someone has out of the box solution it would be great. I will post if I do something with snemarch's links.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
189 views
Welcome To Ask or Share your Answers For Others

1 Answer

Take a look at OpenProcessToken and AdjustTokenPrivileges - this lets you fine-tune (to some extent) the permissions of your process. You can use SaferCreateLevel for some standard rights like SAFER_LEVELID_UNTRUSTED.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
...