Sc2LadderServer
Access limitations for bots
The bots should only have access to the working directory (and sub-directories). It is especially important that they can not interrupt the other bots processes.
Up until now I've been reliant on user permissions and running as an untrusted user. I'm not sure if there's a good way of doing this programmatically, but I might take a look into this when I get time.
Basically you would need to implement some form of Sandbox. I think this should be offloaded to the underlying host system. (chrooted env/user accounts)
Unfortunately, it is easy to jump out of chroot. Probably we need a set of restricted users or groups.
This is true (chroot is not a security feature), but at least another step to take for an attacker. Restricted users should be used in any case. I'll eval some possibilities (firejail, selinux, containers).
I can add 'run under userX' to UnixTools; however, I need to know userX's user id and group id.
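As an added illustration of the last two points (not code from Sc2LadderServer or its UnixTools), the following resolves a user name to uid/gid with getpwnam_r and drops privileges in the right order before exec'ing a bot confined to its working directory; resolve_user, drop_privileges and run_bot_as are assumed names.

```cpp
// Added example, not Sc2LadderServer code: resolve a user name to uid/gid,
// drop to that identity and start a bot confined to its working directory.
// resolve_user, drop_privileges and run_bot_as are assumed names, not UnixTools APIs.
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>
#include <cerrno>
#include <string>
#include <vector>
// Look up uid/gid for a user name (reentrant getpwnam_r, no static buffer).
bool resolve_user(const std::string& name, uid_t& uid, gid_t& gid) {
    struct passwd pw;
    struct passwd* found = nullptr;
    std::vector<char> buf(16384);
    if (getpwnam_r(name.c_str(), &pw, buf.data(), buf.size(), &found) != 0 || !found)
        return false;
    uid = pw.pw_uid;
    gid = pw.pw_gid;
    return true;
}
// Permanently drop to uid/gid. Order matters: supplementary groups and the
// primary gid are changed while still privileged, the uid last.
// Returns 0 on success, otherwise the errno of the failing call.
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, nullptr) != 0) return errno;
    if (setgid(gid) != 0) return errno;
    if (setuid(uid) != 0) return errno;
    // An unprivileged target must not be able to climb back to root.
    if (uid != 0 && setuid(0) == 0) return EPERM;
    return 0;
}
// Fork, confine the child to workdir under the given account, then exec argv.
// chroot is left out on purpose: as the thread notes, it is not a security
// boundary. Returns the child pid, or -1 if the user lookup or fork failed.
pid_t run_bot_as(const std::string& user, const std::string& workdir,
                 const std::vector<std::string>& argv) {
    uid_t uid; gid_t gid;
    if (!resolve_user(user, uid, gid)) return -1;
    pid_t pid = fork();
    if (pid != 0) return pid;  // parent, or fork() failure (-1)
    if (argv.empty() || chdir(workdir.c_str()) != 0 ||
        drop_privileges(uid, gid) != 0) _exit(127);
    std::vector<char*> args;
    for (const auto& a : argv) args.push_back(const_cast<char*>(a.c_str()));
    args.push_back(nullptr);
    execv(args[0], args.data());
    _exit(127);  // exec failed
}
```

The parent keeps the returned pid so it can waitpid() or kill() the bot later; since the child never runs with the ladder server's identity after drop_privileges, it cannot signal processes owned by other bot accounts.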