Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sandbox for unsafe program? #11

Open
GoogleCodeExporter opened this issue Jun 24, 2015 · 4 comments
Open

Sandbox for unsafe program? #11

GoogleCodeExporter opened this issue Jun 24, 2015 · 4 comments

Comments

@GoogleCodeExporter
Copy link

What steps will reproduce the problem?

1. put something dangerous/illegal into source code
system("rm -rf /")
search for standard output file under home directory
attach and debug lemon
modify other users' programs
kill you

2. use lemon to judge it

3. all hell breaks loose


What is the expected output? What do you see instead?

this defect makes lemon unusable for serious competitions.


What version of the product are you using? On what operating system?

maybe all



Please provide any additional information below.

several good solutions do exist.
Haoqiang FAN gave a talk at BJWC2013 and posted some odp:
http://fanhq666.blog.163.com/blog/static/8194342620131510211721/
his solution involves ptrace and setrlimit, which is good for *nix, but makes 
life  hard under Micro$oft Windows.
he is willing to participate in this project.
if you are interested, mailto fanhqme[[at]]126.com/fanhqme[[at]]gmail.com (make 
sure you use Chinese whenever possible)


Original issue reported on code.google.com by [email protected] on 10 Feb 2013 at 1:49

@GoogleCodeExporter
Copy link
Author

Actually, Lemon does not have any Sandbox under both Linux and Windows.
I have learnt something about how to control process's privilege under Linux or 
Windows. Both I think it's a little hard for me, especially Windows (too much 
Windows APIs).

My original purpose is just to give an alternative easy-using judge platform 
under Linux for self-testing, not for formal contest. So I haven't do much 
about control contestants' programs.

Another purpose is just to study writing GUI application for myself.

Original comment by [email protected] on 21 Feb 2013 at 5:28

@GoogleCodeExporter
Copy link
Author

Thanks for timely response.
Easy-to-use and reliable judge platform is becoming a pushing need for OIers 
who live in *nix world. Lemon serves as a good start point, and will surely 
have successors.
Controlling process privilege is not too hard ( see those OJs! ), but requires 
quite some time for cross-platform experience. It should be a long-term goal 
for lemon.

So this issue should be marked as closed.

Original comment by [email protected] on 21 Feb 2013 at 10:55

@GoogleCodeExporter
Copy link
Author

Recently I'm developing a Online Judge website using Ruby on Rails. So I think 
I need to learn something about privilege control. 

In Linux I learnt that I can use ptrace to control privilege. In Windows I 
found the Sandbox source code of Chromium, I'll try to combine it with Lemon in 
the future.

Original comment by [email protected] on 22 Feb 2013 at 3:48

@GoogleCodeExporter
Copy link
Author

That will be great.

On Windows, debug api may be helpful. Another workaround is to talk 
interactively with gdb setting breakpoints on all dangerous functions.
However, I guess python is going to make the story a little longer.

Original comment by [email protected] on 23 Feb 2013 at 1:00

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant