natsukagami / kjudge

A simple system for hosting competitive programming contests.
GNU Affero General Public License v3.0

Implement sandbox(es) for Windows #83

Open minhnhatnoe opened 1 year ago

minhnhatnoe commented 1 year ago

Is your feature request related to a problem? Please describe.

It seems like an open-source sandbox for competitive programming has yet to appear. If kjudge is to support Windows, native sandboxing is a must.

Describe the solution you'd like

Below are a few solutions that can be considered.

Temporary user account

Create a temporary user account for executing the code. This account will have very limited access to file and folders present on the user's machine. Memory limits and other restrictions will be enforced using Windows Job Objects. This seems to be the solution used by many judging systems.

Advantages

Compatibility: Compatible with every Windows version known to man in use.

Disadvantages

Reinventing the wheel: This solution will require excessive penetration testing.

Vulnerable to tampering by outside apps: This is half of the sandbox's purpose. Also, AVs such as Kaspersky are notorious for deleting compiled executables, simply because they do not have a certificate.

Security through obscurity: This is essentially patching every hole manually, so chances are it cannot be open-sourced.

Chromium sandbox

See here for the introduction of the Chromium Sandbox. In short, this sandbox is for running renderers, which are exposed to untrusted data and can be compromised.

Advantages

Should be easy enough to use.

Safe

Disadvantages

There is no documentation for this sandbox. Since memory limits and time limits are not implemented, we will have to configure the call to Windows Job Objects.

HCS/Moby

See HCSShim and Moby for details. In short, we are basically firing up Docker Containers for every test.

Advantages

Safe

Behaviour similar to isolate: the Host Compute Service (HCS) was created with the intention to imitate Linux's cgroups and other access-limit services, which is how isolate functions.

Has half-decent docs: The docs generated on pkg.go.dev are sufficient to understand the inner workings of the code.

Disadvantages

Big code size: I haven't looked into the actual size of the executable, but I imagine it wouldn't be very lightweight.
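Both the "temporary user account" option and the Chromium-sandbox option above end up relying on Windows Job Objects for memory and time limits. The following is an added example, not kjudge code and not from any of the projects named in the issue, of what that Job Object configuration looks like. The `LIMIT_*` constants mirror the `JOB_OBJECT_LIMIT_*` values from winnt.h so that the portable part (limit translation and verdict mapping) builds anywhere; the launcher itself needs Win32 and is compiled only under `_WIN32`. The `JudgeLimits`/`JobLimitSpec` types, the verdict strings and the `C:\judge\work\solution.exe` path are assumptions made for the example.

```c
/* Added example (not kjudge code): limiting a contestant process with a
 * Windows Job Object. The limit translation and verdict logic are portable;
 * the launcher needs Win32 and is compiled only under _WIN32. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* LimitFlags bits as defined in winnt.h (JOB_OBJECT_LIMIT_*), repeated so
   the portable part builds without <windows.h>. */
#define LIMIT_PROCESS_TIME          0x0002u
#define LIMIT_ACTIVE_PROCESS        0x0008u
#define LIMIT_PROCESS_MEMORY        0x0100u
#define LIMIT_DIE_ON_UNHANDLED_EXC  0x0400u
#define LIMIT_KILL_ON_JOB_CLOSE     0x2000u

/* Limits in the units a problem statement uses; 0 means unlimited. */
typedef struct {
    uint32_t time_ms;    /* CPU (user) time per process */
    uint32_t wall_ms;    /* wall-clock time; a sleeping process never reaches time_ms */
    uint64_t memory_kb;  /* committed memory per process */
    uint32_t max_procs;  /* active processes in the job (1 blocks fork bombs) */
} JudgeLimits;

/* The JOBOBJECT_EXTENDED_LIMIT_INFORMATION fields we set, in job units. */
typedef struct {
    uint32_t flags;
    int64_t  per_process_user_time_100ns;
    uint64_t process_memory_bytes;
    uint32_t active_process_limit;
} JobLimitSpec;

/* Translate judge limits to Job Object units (100 ns ticks, bytes).
   Returns 0 on success, -1 if a value does not fit. */
int build_job_limits(const JudgeLimits *in, JobLimitSpec *out) {
    memset(out, 0, sizeof *out);
    /* Always: tear the job down when the judge's handle closes, and turn an
       unhandled exception into an exit instead of a Windows error dialog. */
    out->flags = LIMIT_KILL_ON_JOB_CLOSE | LIMIT_DIE_ON_UNHANDLED_EXC;
    if (in->time_ms) {
        out->flags |= LIMIT_PROCESS_TIME;
        out->per_process_user_time_100ns = (int64_t)in->time_ms * 10000;
    }
    if (in->memory_kb) {
        if (in->memory_kb > UINT64_MAX / 1024) return -1;
        out->flags |= LIMIT_PROCESS_MEMORY;
        out->process_memory_bytes = in->memory_kb * 1024;
    }
    if (in->max_procs) {
        out->flags |= LIMIT_ACTIVE_PROCESS;
        out->active_process_limit = in->max_procs;
    }
    return 0;
}

/* Map the job's accounting to a verdict. The user-time limit terminates the
   process, so TLE is read from accounted time; the memory limit only makes
   allocations fail, so MLE is a heuristic on peak usage (assumption). */
const char *classify_run(const JudgeLimits *lim, int wall_timeout, uint64_t user_time_100ns,
                         uint64_t peak_bytes, uint32_t exit_code) {
    if (wall_timeout) return "TLE";
    if (lim->time_ms && user_time_100ns >= (uint64_t)lim->time_ms * 10000) return "TLE";
    if (lim->memory_kb && peak_bytes >= lim->memory_kb * 1024) return "MLE";
    if (exit_code != 0) return "RE";
    return "OK";
}

#ifdef _WIN32
#include <windows.h>
/* Launch cmdline inside a fresh job, wait, and collect accounting. */
int run_in_job(wchar_t *cmdline, const JudgeLimits *lim, int *wall_timeout,
               uint64_t *user_time_100ns, uint64_t *peak_bytes, uint32_t *exit_code) {
    JobLimitSpec spec; JOBOBJECT_EXTENDED_LIMIT_INFORMATION ext;
    JOBOBJECT_BASIC_ACCOUNTING_INFORMATION acct; STARTUPINFOW si;
    PROCESS_INFORMATION pi; DWORD code = 0; HANDLE job;
    if (build_job_limits(lim, &spec) != 0) return -1;
    if (!(job = CreateJobObjectW(NULL, NULL))) return -1;
    memset(&ext, 0, sizeof ext);
    ext.BasicLimitInformation.LimitFlags = spec.flags;
    ext.BasicLimitInformation.PerProcessUserTimeLimit.QuadPart = spec.per_process_user_time_100ns;
    ext.BasicLimitInformation.ActiveProcessLimit = spec.active_process_limit;
    ext.ProcessMemoryLimit = (SIZE_T)spec.process_memory_bytes;
    if (!SetInformationJobObject(job, JobObjectExtendedLimitInformation, &ext, sizeof ext)) goto fail;
    /* Create suspended so not one instruction runs outside the job. */
    memset(&si, 0, sizeof si); si.cb = sizeof si;
    if (!CreateProcessW(NULL, cmdline, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi)) goto fail;
    if (!AssignProcessToJobObject(job, pi.hProcess)) { TerminateProcess(pi.hProcess, 1); goto fail_proc; }
    ResumeThread(pi.hThread);
    /* The job's CPU limit cannot catch a process that sleeps: enforce wall time here. */
    *wall_timeout = WaitForSingleObject(pi.hProcess, lim->wall_ms ? lim->wall_ms : INFINITE) == WAIT_TIMEOUT;
    if (*wall_timeout) { TerminateJobObject(job, 1); WaitForSingleObject(pi.hProcess, INFINITE); }
    GetExitCodeProcess(pi.hProcess, &code); *exit_code = code;
    if (!QueryInformationJobObject(job, JobObjectExtendedLimitInformation, &ext, sizeof ext, NULL)) goto fail_proc;
    if (!QueryInformationJobObject(job, JobObjectBasicAccountingInformation, &acct, sizeof acct, NULL)) goto fail_proc;
    *peak_bytes = ext.PeakProcessMemoryUsed;
    *user_time_100ns = (uint64_t)acct.TotalUserTime.QuadPart;
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess); CloseHandle(job);
    return 0;
fail_proc: CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
fail:      CloseHandle(job); return -1;
}
int main(void) {
    wchar_t cmd[] = L"C:\\judge\\work\\solution.exe";   /* placeholder path (assumption) */
    JudgeLimits lim = { 1000, 3000, 262144, 1 };         /* 1 s CPU, 3 s wall, 256 MB, 1 process */
    int wall = 0; uint64_t ut = 0, peak = 0; uint32_t code = 0;
    if (run_in_job(cmd, &lim, &wall, &ut, &peak, &code) != 0) { fprintf(stderr, "launch failed: %lu\n", GetLastError()); return 1; }
    printf("%s (user %.3f s, peak %llu KB, exit %u)\n", classify_run(&lim, wall, ut, peak, code),
           ut / 1e7, (unsigned long long)(peak / 1024), code);
    return 0;
}
#else
int main(void) {   /* non-Windows build: show the translated limits only */
    JudgeLimits lim = { 1000, 3000, 262144, 1 }; JobLimitSpec spec;
    build_job_limits(&lim, &spec);
    printf("LimitFlags=0x%x user_time=%.3f s mem=%llu bytes procs=%u\n", spec.flags,
           spec.per_process_user_time_100ns / 1e7, (unsigned long long)spec.process_memory_bytes, spec.active_process_limit);
    return 0;
}
#endif
```

Two details matter for a judge. The process is created with `CREATE_SUSPENDED` and only resumed after `AssignProcessToJobObject` succeeds, so it never runs outside the job; and the job's `PerProcessUserTimeLimit` counts CPU time only, so a submission that blocks or sleeps has to be caught by the separate wall-clock wait and `TerminateJobObject`. `JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE` ensures that children die with the job even if the judge process crashes.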

natsukagami commented 1 year ago

Also check DMOJ's old sandbox https://github.com/DMOJ/judge-server/tree/v1.4.0. They dropped Windows later on.

natsukagami commented 1 year ago

I'm thinking of keeping isolate and running under Docker/WSL for now, too much to do for a priority:medium thing.

minhnhatnoe commented 1 year ago

> I'm thinking of keeping isolate and running under Docker/WSL for now, too much to do for a priority:medium thing.

Me too.