How to prevent a program's system calls

Discussion in 'Software' started by Kolya, Aug 4, 2006.

  1. Kolya

    Kolya Private E-2

    I have a chatbot connected to IRC. It can do system calls, to access services running on my computer (winXP) and get back text information. I don't use that feature though.
    Now I added a capability to the bot, to learn new answers. The problem is that it can learn to start a system call simply by a user telling it so on IRC. :/
    I can't prevent this atm, I could only turnoff the learning capability. But I'd rather not do that. So my question is: Can I safely prevent a program from doing any system calls?

    EDIT: I tried placing the bot in NOD32's or Avast's quarantine folder. That didn't work. I have a Sygate Firewall running, maybe that could be used to monitor the bot.
     
  2. matt.chugg

    matt.chugg MajorGeek

    Your bot should have an ACL its a pretty bad design if a normal user can access your system from it. This also seems like a pretty hefty security risk, I'd recommend removing this feature form the bot for safety or at least implimenting an ACL
     
  3. Kolya

    Kolya Private E-2

    ACL=AccessControlList?

    Well it's my fault for teaching the bot how to learn I guess.
    I can rewrite the bot's "intelligence" so that only a few persons can access the Learning feature. But that isn't what I'm looking for. First I'd have to really really trust these people ... second others couldn't teach the bot anymore.

    Of course it would be better to change the bot itself - I totally agree with that. But I cant program C++ nor do I know how to compile this thing. So for the moment I'm basically looking for a crude hack.
     
  4. matt.chugg

    matt.chugg MajorGeek

    To block system calls would require subclassing which you should not even attempt as you already mention you are not familiar with c++. I'd suggest removing the bot from irc entirly, your better with no bot that a bot the poses a security risk.
     
  5. Kolya

    Kolya Private E-2

    Yes of course I removed the bot immediately from IRC as soon as I realised what could happen (fortunately I was the first to do so).

    Hmm, I'll try and contact the original authors of this chatbot. Won't be too easy since they stopped the project 3 years ago. So wish me luck. And thanks for your answers matt.chugg. :)
     
  6. matt.chugg

    matt.chugg MajorGeek

    No problem

    Good Luck
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds