
Threads permission

The server creates a new thread in a thread pool. This thread reads some stuff into a buffer and so on, and after that, some code executes. I'd want to secure myself by lowering the thread's permissions before this code, which could be unsafe (or its behavior could be changed ... by hacking and so on...)

I am going (ha... but have nearly no knowledge) to create a kind of "sandbox" for this unsafe code in the thread. (Probably for a UNIX-like OS, because I have no idea how to do that for Windows).

Any ideas how to change a thread's permissions? (I use the Boost library). And it would be really great if there were a way to define boundaries on memory usage. (Something like: if the thread tries to use more than 1Mb of stack\heap, something is wrong, kill it).

And one more thing :) - if I use chroot inside a thread, do I change the root dir. for the whole application?

Thanks beforehand.

Ben Usman asked Dec 07 '25 10:12


1 Answer

There is no way to control permissions on threads of native code in either Unix or Windows -- at least not without kernel hacking. The 'ring' mechanism of the hardware (at least x86) was designed to do something like this -- you would kick the thread into a less privileged ring. However, none of the operating systems has any user-mode support for this. chroot in a thread chroots the entire process.

The only thing you can do, if you have to use native code, is to create a process, not a thread. You can then share memory with mmap, and by using read-only on the mappings you can control the sharing. However, if you have malicious code concerns, the process has to run under a different access identity.

bmargulies answered Dec 11 '25 13:12
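The process-based approach from the answer, as an added example that is not code from the answer's author: the untrusted routine runs in a forked child that sees the input only through a read-only shared mapping, gets an address-space cap via `setrlimit(RLIMIT_AS)` (coarser than a per-thread heap limit, since it counts the whole process), and switches to another uid/gid when one is given. It assumes Linux and a writable `/tmp`; `run_sandboxed`, `untrusted_fn` and the three stand-in routines are hypothetical names.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*untrusted_fn)(char *buf, size_t len);

/* Returns fn's exit code, -signal if the child was killed, -1000 on setup failure. */
int run_sandboxed(untrusted_fn fn, const char *data, size_t len,
                  rlim_t mem_cap, uid_t uid, gid_t gid)
{
    char path[] = "/tmp/sbx-XXXXXX";
    int status = 0, rw = mkstemp(path);          /* parent's writable handle */
    int ro = rw < 0 ? -1 : open(path, O_RDONLY); /* all the child will keep */
    if (rw >= 0) unlink(path);
    int ok = ro >= 0 && write(rw, data, len) == (ssize_t)len;
    pid_t pid = ok ? fork() : -1;
    if (pid == 0) {
        struct rlimit cap = { mem_cap, mem_cap };
        close(rw);
        /* Shared mapping of an O_RDONLY fd: PROT_WRITE is refused by the
         * kernel, so a later mprotect() in the child cannot undo it. */
        char *buf = mmap(NULL, len, PROT_READ, MAP_SHARED, ro, 0);
        if (buf == MAP_FAILED || setrlimit(RLIMIT_AS, &cap) != 0) _exit(125);
        /* Switch identity (needs root); a same-uid child could still reach
         * the parent through ptrace or /proc. */
        if (uid != geteuid() && (setgroups(0, NULL) || setgid(gid) || setuid(uid)))
            _exit(125);
        _exit(fn(buf, len));
    }
    if (rw >= 0) close(rw);
    if (ro >= 0) close(ro);
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1000;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -WTERMSIG(status);
}

/* Constructed stand-ins for the untrusted code. */
int reads_input(char *buf, size_t len) { return buf[len - 1] == '!' ? 0 : 1; }
int writes_input(char *buf, size_t len) { buf[0] = 'X'; return (int)len; }
int hogs_memory(char *buf, size_t len)
{
    volatile char *p = malloc(256u << 20);       /* 256 MiB, above the cap */
    if (p) p[0] = buf[len - 1];
    return p ? 1 : 42;
}
```

Passing the caller's own `geteuid()`/`getegid()` skips the identity switch; a server started as root would pass the ids of a dedicated unprivileged account instead.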


