search

DapperX / project-lemon

Automatically exported from code.google.com/p/project-lemon
0 stars 0 forks source link

Sandbox for unsafe program? #11

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

1. put something dangerous/illegal into source code
system("rm -rf /")
search for standard output file under home directory
attach and debug lemon
modify other users' programs
kill you

2. use lemon to judge it

3. all hell breaks loose

What is the expected output? What do you see instead?

this defect makes lemon unusable for serious competitions.

What version of the product are you using? On what operating system?

maybe all

Please provide any additional information below.

several good solutions do exist.
Haoqiang FAN gave a talk at BJWC2013 and posted some odp:
http://fanhq666.blog.163.com/blog/static/8194342620131510211721/
his solution involves ptrace and setrlimit, which is good for *nix, but makes 
life  hard under Micro$oft Windows.
he is willing to participate in this project.
if you are interested, mailto fanhqme[[at]]126.com/fanhqme[[at]]gmail.com (make 
sure you use Chinese whenever possible)

Original issue reported on code.google.com by fanh...@gmail.com on 10 Feb 2013 at 1:49

GoogleCodeExporter commented 9 years ago 
Actually, Lemon does not have any Sandbox under both Linux and Windows.
I have learnt something about how to control process's privilege under Linux or 
Windows. Both I think it's a little hard for me, especially Windows (too much 
Windows APIs).

My original purpose is just to give an alternative easy-using judge platform 
under Linux for self-testing, not for formal contest. So I haven't do much 
about control contestants' programs.

Another purpose is just to study writing GUI application for myself.

Original comment by Blue.Boy.in.China@gmail.com on 21 Feb 2013 at 5:28

GoogleCodeExporter commented 9 years ago 
Thanks for timely response.
Easy-to-use and reliable judge platform is becoming a pushing need for OIers 
who live in *nix world. Lemon serves as a good start point, and will surely 
have successors.
Controlling process privilege is not too hard ( see those OJs! ), but requires 
quite some time for cross-platform experience. It should be a long-term goal 
for lemon.

So this issue should be marked as closed.

Original comment by fanh...@gmail.com on 21 Feb 2013 at 10:55

GoogleCodeExporter commented 9 years ago 
Recently I'm developing a Online Judge website using Ruby on Rails. So I think 
I need to learn something about privilege control. 

In Linux I learnt that I can use ptrace to control privilege. In Windows I 
found the Sandbox source code of Chromium, I'll try to combine it with Lemon in 
the future.

Original comment by Blue.Boy.in.China@gmail.com on 22 Feb 2013 at 3:48

GoogleCodeExporter commented 9 years ago 
That will be great.

On Windows, debug api may be helpful. Another workaround is to talk 
interactively with gdb setting breakpoints on all dangerous functions.
However, I guess python is going to make the story a little longer.

Original comment by fanh...@gmail.com on 23 Feb 2013 at 1:00