[Wine] Sandboxing syscalls
Yang Zhang
yanghatespam at gmail.com
Tue Sep 15 00:49:34 CDT 2009
On Mon, Sep 14, 2009 at 7:12 PM, vitamin <wineforum-user at winehq.org> wrote:
>
> Yang Zhang wrote:
>> Being a userspace process doesn't mean you can't prevent a process from making syscalls.
>
> And how do you propose to do that? What can stop "int 0x80" from appearing in the app's code?
You can stop "int 0x80" from appearing in the code by using a
technique known as binary rewriting. This is used in VMWare, for
instance. But that's not the only way to effectively prevent the OS
from taking syscalls from a process.
http://lwn.net/Articles/332974/
http://dev.chromium.org/developers/design-documents/sandbox
http://research.microsoft.com/apps/pubs/?id=72878
http://code.google.com/p/nativeclient/
http://plash.beasts.org/wiki/ComparisonWithOtherSystems
--
Yang Zhang
http://www.mit.edu/~y_z/
More information about the wine-users
mailing list