
Allowed syscalls audit

Open quantum5 opened this issue 9 years ago • 3 comments

Allowed syscalls should be audited, and those that are not necessary in the majority of cases, or are potentially dangerous, will be removed from chroot.py. Before get_security was implemented for executors, many very localized cases were added into chroot.py, and those were never cleaned up. The same auditing process will be done for FreeBSD syscalls as well.

Laziness is no excuse for lack of security. The fact that we have created a maintenance nightmare by not allowing common syscalls (#77) is no excuse for allowing all syscalls on sight. In that case, we might as well avoid the maintenance nightmare, and replace it with actual nightmares of systems being pwned, by removing our security system.

quantum5 avatar Jul 10 '16 04:07 quantum5
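One way to carry out the audit described above, as an added example that is not part of this issue or of DMOJ's own code: it counts the syscalls seen in `strace -f` output from sample runs and reports allowlisted syscalls that were never observed (removal candidates) alongside syscalls that ran but are not on the allowlist. The allowlist and the trace lines are constructed for illustration, not taken from chroot.py or from real submissions.

```python
import re
from collections import Counter

# Constructed allowlist for illustration only; not the real chroot.py list.
ALLOWED = {"read", "write", "mmap", "munmap", "brk", "exit_group",
           "readlink", "fstat", "close", "openat"}

# Constructed strace -f output from one sample run (not a real submission).
TRACE = """\
[pid 1234] openat(AT_FDCWD, "input.txt", O_RDONLY) = 3
[pid 1234] read(3, "5\\n", 4096) = 2
[pid 1234] write(1, "25\\n", 3) = 3
[pid 1234] brk(NULL) = 0x55d0
[pid 1234] socket(AF_INET, SOCK_STREAM, 0) = -1 EPERM (Operation not permitted)
[pid 1234] exit_group(0) = ?
+++ exited with 0 +++
"""

# Optional "[pid N]" prefix, then the syscall name up to its opening paren.
SYSCALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?([a-z0-9_]+)\(")


def syscalls_used(trace_text):
    """Count syscall names in strace output; signal and exit lines are skipped."""
    counts = Counter()
    for line in trace_text.splitlines():
        m = SYSCALL_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def audit(allowed, traces):
    """Return (never_used, not_allowed): allowlisted syscalls no trace exercised,
    and syscalls that ran but fall outside the allowlist."""
    used = Counter()
    for trace in traces:
        used.update(syscalls_used(trace))
    never_used = sorted(allowed - set(used))
    not_allowed = sorted(set(used) - allowed)
    return never_used, not_allowed


if __name__ == "__main__":
    unused, denied = audit(ALLOWED, [TRACE])
    print("allowlisted but never observed:", unused)
    print("observed but not allowlisted:", denied)
```

Each removal candidate still needs a check against a broad sample of submissions before it is dropped, since a syscall unused in the traces on hand may be routine for another language runtime.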

For example, why is sys_readlink allowed for everything?

quantum5 avatar Jul 20 '16 20:07 quantum5

These submissions should likely have been allowed to pass:

https://dmoj.ca/submission/943440
https://dmoj.ca/submission/676246
https://dmoj.ca/submission/1000252 (should have been denied, this looks like a good testcase)
https://dmoj.ca/submission/1052481
https://dmoj.ca/submission/1058794

Xyene avatar Dec 15 '18 23:12 Xyene

https://dmoj.ca/submission/1058794 looks like it's executing random code. I don't see why we would make it pass.

quantum5 avatar Dec 18 '18 00:12 quantum5

This has been done for a long time.

Xyene avatar Dec 31 '22 20:12 Xyene