
C++ Sandboxing dynamic libraries

I'm wondering if at all it is possible to sandbox a dynamically linked library via dlopen and friends. The aim is to recover from an error within the library without tearing down the whole application, e.g. SEGFAULT, etc.

Anyone had any experience in this area?

You can fork() before calling the library, then pass the result to your mother process. Let the mother process wait for data from the child, or report an error if it crashes.
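The fork-and-pipe pattern this answer describes, as an added example in C that is not code from the answer: run_isolated (a name chosen here) runs a function in a forked child, reads its return value back over a pipe, and uses waitpid() to learn whether the child was killed by a signal. lib_double and lib_crash are constructed stand-ins for symbols you would normally obtain with dlsym(); the dlopen() step itself is omitted so the program runs without a library to load.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of running one library call in a forked child. */
typedef struct {
    int ok;      /* 1 if the child delivered a result */
    int result;  /* the function's return value (valid when ok == 1) */
    int signo;   /* signal that killed the child (SIGSEGV, SIGFPE, ...), else 0 */
} isolated_result;

/* Run fn(arg) in a child process and read its return value back over a pipe.
 * A fault inside fn tears down only the child; the parent observes the
 * terminating signal through waitpid() and carries on. */
isolated_result run_isolated(int (*fn)(int), int arg)
{
    isolated_result r = {0, 0, 0};
    int fds[2];
    if (pipe(fds) != 0)
        return r;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return r;
    }
    if (pid == 0) {
        /* child: the only process a crash in fn can take down */
        close(fds[0]);
        int v = fn(arg);
        ssize_t n = write(fds[1], &v, sizeof v);
        _exit(n == (ssize_t)sizeof v ? 0 : 1);  /* _exit: skip atexit handlers and stdio flushing */
    }

    /* parent: read returns 0 (EOF) if the child died before writing */
    close(fds[1]);
    int v = 0;
    ssize_t n = read(fds[0], &v, sizeof v);
    close(fds[0]);

    int status = 0;
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
        ;

    if (WIFSIGNALED(status))
        r.signo = WTERMSIG(status);
    else if (WIFEXITED(status) && WEXITSTATUS(status) == 0 && n == (ssize_t)sizeof v) {
        r.ok = 1;
        r.result = v;
    }
    return r;
}

/* Constructed stand-ins for symbols you would normally obtain with dlsym():
 * one well-behaved, one that faults like a buggy library. The bad address is
 * read from a volatile global so the optimizer cannot turn the dereference
 * into a trap instruction (which would raise SIGILL instead of SIGSEGV). */
static volatile uintptr_t bad_addr = 0;
int lib_double(int x) { return 2 * x; }
int lib_crash(int x) { int *p = (int *)bad_addr; return *p + x; }

int main(void)
{
    isolated_result a = run_isolated(lib_double, 21);
    isolated_result b = run_isolated(lib_crash, 21);
    printf("lib_double: ok=%d result=%d\n", a.ok, a.result);
    printf("lib_crash:  ok=%d killed by signal %d (%s)\n", b.ok, b.signo, strsignal(b.signo));
    return 0;
}
```

Because the child is a separate address space, a wild write in the library cannot corrupt the parent's heap, and the parent's own signal handlers, locks and stdio state are never touched by the crash. The price is a fork per call and a serialization step for anything more complex than an int, so in practice the child is usually kept alive as a worker and fed requests over the pipe instead of being forked per call.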

OK, well, generally speaking exception handling is highly operating system dependent. I am going to make some assumptions and try to provide some generic guidance. Please know that this is by no means an exhaustive reply, but should serve as a place to start.

I will assume that:

  1. For the most part, you are interested in safeguarding against memory leaks.

  2. You are not interested in Windows (which is whole-other-ball-of-wax) since you mentioned dlopen (you would have said LoadLibrary otherwise).

  3. That you are aware of the nuances of linking against C++ symbols. If you are not, read up on it in the mini howto on dlopen C++.

Generally speaking

There is no general solution to the described problem without involving specialized operating systems that provide data and code segment sand-boxing. There are Trusted Systems and specialty operating system kernels that can do this, but I assume that you want to do this on a good old *nix or Windows environment.

Compiler stuff further complicates issues (does your C++ compiler generate weak symbols by default? Typically it would). This affects how exception handling happens in a try-catch.

Simple operating system exception handling that raises signals (SIGSEGV, SIGFPE etc.):

Under POSIX systems supporting sigaction...

Let's say you want to protect against generic things like bad memory addressing. Trap SIGSEGV using sigaction before dlopening a library (to protect against .init functions) and then also do a signal check before calling a function within the library. Consider using SA_STACK to ensure that your handler jumps into a stack you have good control over, and SA_SIGINFO to ensure that your handler gets info about the source.

A good place to start on this is the Signal Handling chapter of the GNU libc manual.

Under C++: use wrappers with try-catch to catch soft exceptions

    try {
        foo();
    } catch (...) {
        // do something
    }

where foo is a weak symbol pointing to a function in your dll. See the C++ dlopen mini-howto for a lot more examples and details on loading classes etc.

If you have more specific needs, post them; I'll see if I can provide more info.

Cheers

How would you differentiate a segfault from your application and the dynamic library in question? Creating a separate process to fence off the library as che described seems like the best approach.

edit:

Found this related question, pointing at a CERT advisory suggesting not to return from a SIGSEGV handler if you desire portability.
