0

is there a way to have my program restrict itself to a subset of the files the OS allows it to access?

i want to put some code near the top of my program that declares which files I want it to be able to read, and then have it throw an error or something if some deeply nested code then tries to access something that hasn't been allowed

(this doesn't need to be a secure sandbox for the rest of my code. it's just for catching bugs)

similar things, in other contexts:

  • OpenBSD has pledge and unveil
  • linux has landlock, which can be used to do this
  • you could use strace, and watch it for disallowed files

is there a way to do this in C#, that works on windows and linux (and mac, as a bonus)? an event on file open would work. or some way to revoke permissions via the OS, and get a FileNotFound/AccessDenied error.

notallama
  • 1,069
  • 1
  • 8
  • 11
  • If no one offers a better solution: One way would be to wrap file open and stream open in your own class, and force all file opens to use that instead of the "raw" open. That doesn't help with file opens in any libraries you are including. – Dave S Jul 06 '23 at 20:13
  • I don't know of a good solution in C#. Probably an operating system tool will better solve the problem. One approach would be to patch file access methods after they've been loaded by the runtime. Not foolproof, not fun. https://stackoverflow.com/q/7299097/1462295 – BurnsBA Jul 06 '23 at 20:42

0 Answers0