daltonschool / compsci-home

The homepage for everything Computer Science at The Dalton School.
http://compsci.dalton.org/beta
1 stars 0 forks source link

Code Execution in the cloud #20

Open davish opened 9 years ago

davish commented 9 years ago

For a lot of CS1 and all of CS2 (and from what I've looked at all of CS3), code is executed from the command line without Swing or any GUI. It makes sense then for a grader to be able to interactively run code from their browser instead of downloading it to their computer and compiling it.

https://ideone.com/ looks promising, but their API costs money.

It'd be possible to roll our own with AWS EC2 or even on the compsci server, but security would be a concern.

davish commented 9 years ago

Related also to iss19

cforster commented 9 years ago

this is an interesting idea that would be neat to integrate but hard to implement. Ideone is interesting. i spent a bunch of time working on something like this two years ago:

https://github.com/cforster/JavaLab

it's cool but almost certaintly doesn't work now.

On Mon, Mar 23, 2015 at 11:31 AM, Davis Haupt notifications@github.com wrote:

For a lot of CS1 and all of CS2 (and from what I've looked at all of CS3), code is executed from the command line without Swing or any GUI. It makes sense then for a grader to be able to interactively run code from their browser instead of downloading it to their computer and compiling it.

https://ideone.com/ looks promising, but their API costs money.

It'd be possible to roll our own with AWS EC2 or even on the compsci server, but security would be a concern.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20.

PsychicNoodles commented 9 years ago

One way we could do it is run it on the CS server but in a restricted user with only certain security permissions as suggested in this SO post: http://stackoverflow.com/questions/502218/sandbox-against-malicious-code-in-a-java-application

cforster commented 9 years ago

That's basically what javalab does, it isn't super easy and the security was tricky. We could bring in @obijywk to talk to us about that.

davish commented 9 years ago

I just put something together called web-term that streams stdout from a terminal session to the browser, and lets the browser send commands to stdin. It uses socket.io to send data back and forth, which makes it pretty simple. Obviously, it's as dangerous security-wise as it sounds, but restricting the process to the java command instead of full bash would probably help with that.

Eventually, it'd be possible to make it into a Meteor plugin so it could easily be added to the site, but for now I'm just having fun. :smiley:

davish commented 9 years ago

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

PsychicNoodles commented 9 years ago

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt notifications@github.com wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193 .

davish commented 9 years ago

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori notifications@github.com wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt notifications@github.com wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644 .

PsychicNoodles commented 9 years ago

That's true, we could. It kinda depends on how much we want to make this generalized or well designed or what-have-you. Personally, I don't think it could hurt to try doing the SecurityManager thing. The point is that this is all automated, so I think we should go the extra mile.

On Tue, Mar 24, 2015 at 11:30 PM, Davis Haupt notifications@github.com wrote:

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori notifications@github.com wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt notifications@github.com wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85812938 .

davish commented 9 years ago

You're right. Looking into the security manager, I'm having trouble finding a resource that lets you set the securitymanager from the command line. you can use the System.setSecurityManager() function, but then you'd need to go into people's code and change it. The one thing I did find was a line that had java -Djava.security.manager [filename], but it didn't go into detail about how it actually works. Do you have an idea?

-Davis

On Tue, Mar 24, 2015 at 11:33 PM, Mattori notifications@github.com wrote:

That's true, we could. It kinda depends on how much we want to make this generalized or well designed or what-have-you. Personally, I don't think it could hurt to try doing the SecurityManager thing. The point is that this is all automated, so I think we should go the extra mile.

On Tue, Mar 24, 2015 at 11:30 PM, Davis Haupt notifications@github.com

wrote:

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori notifications@github.com wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt < notifications@github.com> wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644

.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85812938

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85813872 .

cforster commented 9 years ago

If you are interested in the security you should look at JavaLab, that was as secure as we could devise. On Mar 24, 2015 11:42 PM, "Davis Haupt" notifications@github.com wrote:

You're right. Looking into the security manager, I'm having trouble finding a resource that lets you set the securitymanager from the command line. you can use the System.setSecurityManager() function, but then you'd need to go into people's code and change it. The one thing I did find was a line that had java -Djava.security.manager [filename], but it didn't go into detail about how it actually works. Do you have an idea?

-Davis

On Tue, Mar 24, 2015 at 11:33 PM, Mattori notifications@github.com wrote:

That's true, we could. It kinda depends on how much we want to make this generalized or well designed or what-have-you. Personally, I don't think it could hurt to try doing the SecurityManager thing. The point is that this is all automated, so I think we should go the extra mile.

On Tue, Mar 24, 2015 at 11:30 PM, Davis Haupt notifications@github.com

wrote:

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori notifications@github.com wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt < notifications@github.com> wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85812938

.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85813872

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85816659 .

cforster commented 9 years ago

https://github.com/cforster/JavaLab/blob/master/javarunner.js sets up a Java SecurityManager to prevent all access to external resources (filesystem, network, etc.). It also caps CPU time (so an attacker can't write an infinite loop and keep your server busy forever) and memory usage (so an attacker can't run your server out of memory).

The worst case of your EC2 instance getting taken over is actually really bad, it's not just that an attacker can crash it and you have to start over again. You could imagine an attacker taking over the EC2 instance and you not even knowing. They could read data that other users had uploaded, or use the VM to host their own illicit activities, or even replace part of your application with their own code. Do not rely only on your application being contained in a VM for security.

On Wed, Mar 25, 2015 at 8:16 AM, Charles Forster charlie@forsters.com wrote:

If you are interested in the security you should look at JavaLab, that was as secure as we could devise. On Mar 24, 2015 11:42 PM, "Davis Haupt" notifications@github.com wrote:

You're right. Looking into the security manager, I'm having trouble finding a resource that lets you set the securitymanager from the command line. you can use the System.setSecurityManager() function, but then you'd need to go into people's code and change it. The one thing I did find was a line that had java -Djava.security.manager [filename], but it didn't go into detail about how it actually works. Do you have an idea?

-Davis

On Tue, Mar 24, 2015 at 11:33 PM, Mattori notifications@github.com wrote:

That's true, we could. It kinda depends on how much we want to make this generalized or well designed or what-have-you. Personally, I don't think it could hurt to try doing the SecurityManager thing. The point is that this is all automated, so I think we should go the extra mile.

On Tue, Mar 24, 2015 at 11:30 PM, Davis Haupt <notifications@github.com

wrote:

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori notifications@github.com wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt < notifications@github.com> wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85812938

.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85813872

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85816659 .

cforster commented 9 years ago

There's another file in there, compileserver.java, which we could take wholesale, that takes care of compiling the files. On Mar 25, 2015 8:37 AM, "Matt Gruskin" matthew.gruskin@gmail.com wrote:

https://github.com/cforster/JavaLab/blob/master/javarunner.js sets up a Java SecurityManager to prevent all access to external resources (filesystem, network, etc.). It also caps CPU time (so an attacker can't write an infinite loop and keep your server busy forever) and memory usage (so an attacker can't run your server out of memory).

The worst case of your EC2 instance getting taken over is actually really bad, it's not just that an attacker can crash it and you have to start over again. You could imagine an attacker taking over the EC2 instance and you not even knowing. They could read data that other users had uploaded, or use the VM to host their own illicit activities, or even replace part of your application with their own code. Do not rely only on your application being contained in a VM for security.

On Wed, Mar 25, 2015 at 8:16 AM, Charles Forster charlie@forsters.com wrote:

If you are interested in the security you should look at JavaLab, that was as secure as we could devise. On Mar 24, 2015 11:42 PM, "Davis Haupt" notifications@github.com wrote:

You're right. Looking into the security manager, I'm having trouble finding a resource that lets you set the securitymanager from the command line. you can use the System.setSecurityManager() function, but then you'd need to go into people's code and change it. The one thing I did find was a line that had java -Djava.security.manager [filename], but it didn't go into detail about how it actually works. Do you have an idea?

-Davis

On Tue, Mar 24, 2015 at 11:33 PM, Mattori notifications@github.com wrote:

That's true, we could. It kinda depends on how much we want to make this generalized or well designed or what-have-you. Personally, I don't think it could hurt to try doing the SecurityManager thing. The point is that this is all automated, so I think we should go the extra mile.

On Tue, Mar 24, 2015 at 11:30 PM, Davis Haupt < notifications@github.com>

wrote:

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori notifications@github.com wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt < notifications@github.com> wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85812938

.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85813872

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85816659 .

davish commented 9 years ago

So, boiling it down, the command line arguments passed to java gives you most of your security during runtime. Can the time limit be replaced with a big red button or something like that?

I guess that means the default java.security.manager does give you some security; but do you still have access to the policy file that you guys used? I think it was in the tmp/ which wasn't pushed to GitHub. I'd assume that that also has some security things in there. I was having a little trouble understanding what CompileServer.java does. Is it for security or convenience reasons?

-Davis

On Wed, Mar 25, 2015 at 8:40 AM, cforster notifications@github.com wrote:

There's another file in there, compileserver.java, which we could take wholesale, that takes care of compiling the files.

On Mar 25, 2015 8:37 AM, "Matt Gruskin" matthew.gruskin@gmail.com wrote:

https://github.com/cforster/JavaLab/blob/master/javarunner.js sets up a Java SecurityManager to prevent all access to external resources (filesystem, network, etc.). It also caps CPU time (so an attacker can't write an infinite loop and keep your server busy forever) and memory usage (so an attacker can't run your server out of memory).

The worst case of your EC2 instance getting taken over is actually really bad, it's not just that an attacker can crash it and you have to start over again. You could imagine an attacker taking over the EC2 instance and you not even knowing. They could read data that other users had uploaded, or use the VM to host their own illicit activities, or even replace part of your application with their own code. Do not rely only on your application being contained in a VM for security.

On Wed, Mar 25, 2015 at 8:16 AM, Charles Forster charlie@forsters.com wrote:

If you are interested in the security you should look at JavaLab, that was as secure as we could devise. On Mar 24, 2015 11:42 PM, "Davis Haupt" notifications@github.com wrote:

You're right. Looking into the security manager, I'm having trouble finding a resource that lets you set the securitymanager from the command line. you can use the System.setSecurityManager() function, but then you'd need to go into people's code and change it. The one thing I did find was a line that had java -Djava.security.manager [filename], but it didn't go into detail about how it actually works. Do you have an idea?

-Davis

On Tue, Mar 24, 2015 at 11:33 PM, Mattori notifications@github.com wrote:

That's true, we could. It kinda depends on how much we want to make this generalized or well designed or what-have-you. Personally, I don't think it could hurt to try doing the SecurityManager thing. The point is that this is all automated, so I think we should go the extra mile.

On Tue, Mar 24, 2015 at 11:30 PM, Davis Haupt < notifications@github.com>

wrote:

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori < notifications@github.com> wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt < notifications@github.com> wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85812938

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85813872

.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85816659

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-86009829 .

PsychicNoodles commented 9 years ago

Here's the official article from Oracle: https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#Examples

I'd recommend looking at the default policy file. Basically, you can grant various permissions for file or socket access or whatever. We'd make a custom policy file that was rather restricted and use that command line argument. We'll have to tinker with it a bit to make sure it does what we want, but I think this is the best solution since it's actually built into Java.

On Tue, Mar 24, 2015 at 11:42 PM, Davis Haupt notifications@github.com wrote:

You're right. Looking into the security manager, I'm having trouble finding a resource that lets you set the securitymanager from the command line. you can use the System.setSecurityManager() function, but then you'd need to go into people's code and change it. The one thing I did find was a line that had java -Djava.security.manager [filename], but it didn't go into detail about how it actually works. Do you have an idea?

-Davis

On Tue, Mar 24, 2015 at 11:33 PM, Mattori notifications@github.com wrote:

That's true, we could. It kinda depends on how much we want to make this generalized or well designed or what-have-you. Personally, I don't think it could hurt to try doing the SecurityManager thing. The point is that this is all automated, so I think we should go the extra mile.

On Tue, Mar 24, 2015 at 11:30 PM, Davis Haupt notifications@github.com

wrote:

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori notifications@github.com wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt < notifications@github.com> wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85812938

.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85813872

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85816659 .

cforster commented 9 years ago

I think the point is you can use the policy file to grant it nothing, but that isn't totally sufficient.

On Wed, Mar 25, 2015 at 10:14 AM, Mattori notifications@github.com wrote:

Here's the official article from Oracle:

https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#Examples

I'd recommend looking at the default policy file. Basically, you can grant various permissions for file or socket access or whatever. We'd make a custom policy file that was rather restricted and use that command line argument. We'll have to tinker with it a bit to make sure it does what we want, but I think this is the best solution since it's actually built into Java.

On Tue, Mar 24, 2015 at 11:42 PM, Davis Haupt notifications@github.com

wrote:

You're right. Looking into the security manager, I'm having trouble finding a resource that lets you set the securitymanager from the command line. you can use the System.setSecurityManager() function, but then you'd need to go into people's code and change it. The one thing I did find was a line that had java -Djava.security.manager [filename], but it didn't go into detail about how it actually works. Do you have an idea?

-Davis

On Tue, Mar 24, 2015 at 11:33 PM, Mattori notifications@github.com wrote:

That's true, we could. It kinda depends on how much we want to make this generalized or well designed or what-have-you. Personally, I don't think it could hurt to try doing the SecurityManager thing. The point is that this is all automated, so I think we should go the extra mile.

On Tue, Mar 24, 2015 at 11:30 PM, Davis Haupt < notifications@github.com>

wrote:

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori notifications@github.com wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt < notifications@github.com> wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85812938

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85813872

.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85816659

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-86045427 .

davish commented 9 years ago

Ah, that makes sense. I'd guess that you'd let them read certain files, use System.in and System.out and not much else.

@cforster has anything else regarding uploading submissions been done? Just wondering.

-Davis

On Wed, Mar 25, 2015 at 10:17 AM, cforster notifications@github.com wrote:

I think the point is you can use the policy file to grant it nothing, but that isn't totally sufficient.

On Wed, Mar 25, 2015 at 10:14 AM, Mattori notifications@github.com wrote:

Here's the official article from Oracle:

https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#Examples

I'd recommend looking at the default policy file. Basically, you can grant various permissions for file or socket access or whatever. We'd make a custom policy file that was rather restricted and use that command line argument. We'll have to tinker with it a bit to make sure it does what we want, but I think this is the best solution since it's actually built into Java.

On Tue, Mar 24, 2015 at 11:42 PM, Davis Haupt notifications@github.com

wrote:

You're right. Looking into the security manager, I'm having trouble finding a resource that lets you set the securitymanager from the command line. you can use the System.setSecurityManager() function, but then you'd need to go into people's code and change it. The one thing I did find was a line that had java -Djava.security.manager [filename], but it didn't go into detail about how it actually works. Do you have an idea?

-Davis

On Tue, Mar 24, 2015 at 11:33 PM, Mattori notifications@github.com wrote:

That's true, we could. It kinda depends on how much we want to make this generalized or well designed or what-have-you. Personally, I don't think it could hurt to try doing the SecurityManager thing. The point is that this is all automated, so I think we should go the extra mile.

On Tue, Mar 24, 2015 at 11:30 PM, Davis Haupt < notifications@github.com>

wrote:

I'm thinking that if we're running this thing on an EC2 server that we just don't care about, does it matter what permissions it has? worst case someone uploads some code that crashes the VM, we can wipe it and download it again. Anyways, isn't there the same security risk when you execute students' code from your own computer? In both cases the code is being run unrestricted by a regular user. We could just say for this usage that it's up to the grader to scan the code first and make sure there's nothing fishy.

-Davis

On Tue, Mar 24, 2015 at 11:05 PM, Mattori < notifications@github.com> wrote:

I think I mentioned this on another issue, but there are ways to put in restrictions on the JVM for things like file access and stuff. You can add it to the command line so its an easy addition. It's called the SecurityManager, there are a few articles online detailing to how to use it.

On Tue, Mar 24, 2015 at 10:09 PM, Davis Haupt < notifications@github.com> wrote:

ok now web-term pretty much works for running java programs. right now it can only handle single-file programs, so only one class. Also, obviously, it's 100% insecure. I don't really know how to make it more secure, but i'm hoping one of you guys do. next step is probably figuring out a way to bundle it into a meteor package.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85785193

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85804644

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85812938

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85813872

.

— Reply to this email directly or view it on GitHub <

https://github.com/daltonschool/compsci-home/issues/20#issuecomment-85816659

.

— Reply to this email directly or view it on GitHub < https://github.com/daltonschool/compsci-home/issues/20#issuecomment-86045427

.

— Reply to this email directly or view it on GitHub https://github.com/daltonschool/compsci-home/issues/20#issuecomment-86046318 .

davish commented 9 years ago

Meteor doesn't really have support for socket.io, so there's not a way that I see to integrate the thing that I made directly into the app. If it'd be possible to run it on the same machine, you could have a symlink between the uploads folder in the meteor directory and the web-term directory. Then there's two ways to go about implementing the web-term in the app:

davish commented 9 years ago

This actually might be our best bet: https://www.terminal.com/api/docs. I'm reading their API right now and seeing if it's actually what we want, but it seems pretty full-fledged, and will guarantee that we're not seeing any security flaws.

davish commented 9 years ago

Nevermind, it's not really what we're looking for. API doesn't seem to do much.