Is it possible to configure an Windows xp to run a single application of dotnet?
No, this is not possible. The operating system itself runs many different applications just to perform its basic functions.
If you're talking about preventing the user from interacting with all other applications, that's something you can configure using Group Policy. This is an infrastructure feature built into Windows that allows system administrators to exercise precise control over the abilities of individual user accounts.
You can easy configure a policy to prevent users from launching applications other than those you explicitly allow. This is not, however, something that you can write code yourself to do.
Help on configuring Group Policy is available from your system administrator, or from the kind folks over at Server Fault. However, if you decide to ask a question there, you will need to provide a lot more details about what exactly you're trying to configure, what operating system you're running, and any other requirements that might be important.
Related
Does anyone have better ways of managing / scheduling console apps, without the use of Windows Scheduler?
eg. Console app to pickup records in the database that requires a set of actions.
*** Experience in the past, when number of tasks increase over time, it get's bit messy and difficult to maintain when moving servers.
There are third party apps you could look at, some of which are suggested in Cron-like system for Windows?.
However, if Windows Scheduler does provide the functionality you need, but just not the ideal management, you could look at using the CLI schtasks.exe
You can define all your tasks in an XML schema meaning they will more easily port across machines.
So I have been charged with the task of making all of the computers for a small company only able to access a single website, sort of like a web kiosk. After playing with a lot of the whitelist web filtering software out there and finding nothing that is in the company's budget that really does what they want. (blocking user access to all programs except IE, and IE can only access one domain) I'm not the greatest programmer in the world but I figured I could throw together a really simple C# web browser that only allowed access to a particular domain and make the users use that. Problem is that C# relies on other things existing in Windows to work properly. If it were possible to then setup a windows machine so that when a user logs on, all Windows functions are hidden, but still running in the background, and one specific program is running, then this C# web browser would start on the right domain and that would really be all that the user could do. Does anyone know of a way to make this happen?
Other solutions to my problem would be greatly appreciated. I would prefer a solution that is user specific on individual machines, not a network filter or something higher up. So that I can access the full web and computers when I do maintenance on them and because users could just access one of the many wifi networks available from neighboring offices if it was network level.
Oh yeah, and some machines are windows 7, and others are running XP.
I suggest you use the CreateDesktop/ SwitchDesktop WinAPI Calls from user32.
E.g. http://msdn.microsoft.com/en-us/library/ms686347(v=vs.85).aspx
Don't know how to call this from C#, but I think it is possible.
So your should integrate a desktop creation and switching inside your simple C# browser (at start of it) or in separate application, which does start your browser. Add this application (or browser) to the user's autorun.
Be very careful, when you does a desktop switch, is it very hard (I think impossible) to switch back.
I'm working hard on making my product work seamlessly on Windows 7. The problem is that there is a small set of global (not user-specific) application settings that all users should be able to change.
On previous versions I used HKLM\Software\__Company__\__Product__ for that purpose. This allowed Power Users and Administrators to modify the Registry Key and everything worked correctly. Now that Windows Vista and Windows 7 have this UAC feature, by default, even an Administrator cannot access the Key for writing without elevation.
A stupid solution would, of course, mean adding requireAdministrator option into the application manifest. But this is really unprofessional since the product itself is extremely far from administration-related tasks. So I need to stay with asInvoker.
Another solution could mean programmatic elevation during moments when write access to the Registry Key is required. Let alone the fact that I don't know how to implement that, it's pretty awkward also. It interferes with normal user experience so much that I would hardly consider it an option.
What I know should be relatively easy to accomplish is adding write access to the specified Registry Key during installation. I created a separate question for that. This also very similar to accessing a shared file for storing the settings.
My feeling is that there must be a way to accomplish what I need, in a way that is secure, straightforward and compatible with all OS'es. Any ideas?
Do you have to have it in the registry? If not, put it into a simple file, writable by everyone. Writing to HKLM requires additional privileges for a very good reason.
I'm new to here (otherwise i would've left a comment) and i'm not a windows guru, but...
imho the premise is wrong:
there's a reason if a non-elevated user cannot modify registry keys or directories read by all users (like Users\Public by default)
i think that allowing any users to modify a small set of global application settings may be disruptive for the experience of the other users that didn't expect their settings to be modified
on the other hand i don't know your use cases...
could you please specify why all users should be able to modify these settings?
and if indeed all users have to be able to do it... why can't you make these settings user-specific?
To understand what I'm asking, it's important to distinguish from among the several uses of SUID in Unix.
I have a project that uses an executable in the user's PATH which is owned by the project and which has the SUID bit set. In this way, when it runs, it runs in the context of the file's owner, not the calling user. This way, it has access to things that the user does not, and thereby these things are protected from the user by normal file system protections. This works reasonably well. Plans are to move the project to a client-server architecture but that's going to take some time. In the mean time, how can I replicate this type of behavior on Windows systems?
Note that the project's executables do not call the SETUID library call though, frankly, that would be a great feature to add, in my opinion, given what the project does. The project does not need system root privileges. It's first security concern is that it needs to protect its own files from the user (which is simply any user other than the file owner) and it would be very nice if it had the ability to switch to "user context" to access the file system as if it were the calling user. (In this way, it could more easily determine what is OK for the project to touch and what is not.)
The project is written in a combination of C and Java - a C program with SUID set calls the Java code...
I am keen to know all such mechanisms, and am especially focused on those which are:
Suitable for C and Java, and;
Easy to implement for non-Windows programmers, and;
Require minimal coding unique to Windows.
If some solutions are superior, please share your thoughts on whatever you are aware of in this regard.
NOTES:
LogonUser: Requires a password in plain text. How can that be an answer?
RunAs: Requires password be entered at PROMPT! ...As with LogonUser only worse; I don't see how this is an answer.
Cygwin has an excellent discussion on how they do this without requiring the user password here: Using Windows security in Cygwin
Basically they install a custom LSA authentication package that provides security tokens without requiring a password. As a fallback, when the authentication package is not installed, they use the undocumented NtCreateToken API.
An application wanting to impersonate could make a cygwin setuid call before calling java.
I don't think there's an equivilent of SETUID in Windows, but you can launch a process as another user. If you are using C, there are really only two major Windows Specific functions you'll need to look into:
LogonUser
CreateProcessAsUser
The docs for those functions are pretty good, so it shouldn't be that huge of a challenge. Basicly, you'll use LogonUser to impersonate the user, then CreateProcessAsUser to launch the JVM as that user.
You could also look at the RUNAS command, but I'm not sure if that would meet your needs or not.
I'm looking for the concept to spawn a process such that:
it has only access to certain libraries/APIs
it cannot acess the file system or only specific parts
it can do least harm should malicious code run in it
This concept is known as sandbox or jail.
It is required to do this for each major Operating system (Windows, MacOSX and Linux) and the question is conceptual (as in what to do, which APIs to use and and what to observe) rather then language specific.
answer requirements
I really want to accept an answer and give you 20 points for that. I cannot accept my own answer, and I don't have it yet anyway. So if you really want your answer to be accepted, please observe:
The answer has to be specific and complete
With specific I mean that it is more then a pointer to some resource on the internet. It has to summarize what the resource says about the topic at least.
It may or may not contain example code, but if it does please write it in C
I cannot accept an answer that is 2/3 complete even if the 2/3 that are there are perfect.
this question FAQ
Is this homework? No.
Why do you ask this like a homework question? If you ask a specific question and you want to get a specific answer, and you know how that answer should look like, even though you don't know the answer, that's the style of question you get.
If you know how it should look like, why do you ask? 1) because I don't know all the answer 2) because on the internet there's no single place that contains all the details to this question in one place. Please also read the stackoverflow FAQ
Why is the main part of your question how to answer this question? Because nobody reads the FAQ.
Mac OS X has a sandbox facility code-named Seatbelt. The public API for it is documented in the sandbox(7), sandbox_init(3), and related manual pages. The public API is somewhat limited, but the facility itself is very powerful. While the public API only lets you choose from some pre-defined sandboxes (e.g. “All sockets-based networking is prohibited”), you can also use the more powerful underlying implementation which allows you to specify exactly what operating system resources are available via a Scheme-like language. For example, here is an excerpt of the sandbox used for portmap:
(allow process-exec (regex #"^/usr/sbin/portmap$"))
(allow file-read-data file-read-metadata (regex
#"^/etc"
#"^/usr/lib/.*\.dylib$"
#"^/var"
#"^/private/var/db/dyld/"
#"^/dev/urandom$"))
(allow file-write-data (regex
#"^/dev/dtracehelper$"))
You can see many sandboxes used by the system in /usr/share/sandbox. It is easy to experiment with sandboxes by using the sandbox-exec(1) command.
For Windows, you may want to have a look at David LeBlanc’s “Practical Sandboxing” talk given at Black Hat USA 2007. Windows has no built-in sandboxing technology per se, so the techniques described leverage an incomplete mechanism introduced with Windows 2000 called SAFER. By using restricted tokens, one can create a process that has limited access to operating system resources.
For Linux, you might investigate the complicated SELinux mechanism:
SELinux home,
a HOWTO. It is used by Red Hat, for example, to harden some system services in some of their products.
For Windows there is a sandbox in Google Chrome. You may want to investigate it. It uses liberal BSD-like license.
For Linux there would be good old chroot or more sophisticated http://plash.beasts.org/wiki/.
OS X since Leopard has some SELinux-like protection available.
The site codepad.prg has a good "About" page on how they safely allow the execution of any code snippets..
Code execution is handled by a supervisor based on geordi. The strategy is to run everything under ptrace, with many system calls disallowed or ignored. Compilers and final executables are both executed in a chroot jail, with strict resource limits. The supervisor is written in Haskell.
When your app is remote code execution, you have to expect security problems. Rather than rely on just the chroot and ptrace supervisor, I've taken some additional precautions:
The supervisor processes run on virtual machines, which are firewalled such that they are incapable of making outgoing connections.
The machines that run the virtual machines are also heavily firewalled, and restored from their source images periodically.
FreeBSD has specific concepts of jails, and Solaris has containers. Depending on what you're looking for, these may help.
chroot jails can help to limit what an application can do (though any app with root privileges can escape a jail), and they're available on most UNIXen, including OS X.
As for Windows, I'm not sure. If there was an easy way to sandbox a Windows app, most of them would be a lot more secure by now, I'm sure.
On windows (2000 and later) you can use Job objects to restrict processes.
If you really want a technique that will work with all these platforms, as opposed to a separate solution for each platform, then I think your only answer is to set up a virtual machine for each testing environment. You can restore back to a snapshot at any time.
Another big advantage of using virtualization is that you can have all of the testing environments with their guest operating systems all on the same box.
For Linux, there is AppArmor. Unfortunately, the project is somewhat on hiatus.
Another sandboxing-alternative is VServer, which uses virtualization.
Generally any virtual private server will do:
Linux VServer
http://linux-vserver.org/Welcome_to_Linux-VServer.org
Parallels Virtuozzo Containers
http://www.parallels.com/products/pvc/
and as was mentioned FreeBSD and Solaris has own implementations.
Oh. actually I've noticed you're asking it to work on ANY OS. Well, that might be complicated a bit as the I think less effort is just to reuse some VM that can support some level of sandboxing like:
Java
.NET
I'm not an expert on the topic, but i think the standard answer for linux is to define a SeLinux policy with the right capabilities for the process.