kjudge
Implement sandbox(es) for Windows
Is your feature request related to a problem? Please describe.
It seems like an open-source sandbox for competitive programming has yet to appear. If kjudge is to support Windows, native sandboxing is a must.
Describe the solution you'd like
Below are a few solutions that can be considered.
Temporary user account
Create a temporary user account for executing the code. This account will have very limited access to files and folders present on the user's machine. Memory limits and other restrictions will be enforced using Windows Job Objects. This seems to be the solution used by many judging systems.
Advantages
Compatibility: Compatible with every Windows version ~~known to man~~ in use.
Disadvantages
Reinventing the wheel: This solution will require excessive penetration testing.
Vulnerable to tampering by outside apps: This is half of the sandbox's purpose. Also, AVs such as Kaspersky are notorious for deleting compiled executables, simply because they do not have a certificate.
Security through obscurity: This is essentially patching every hole manually, so chances are it cannot be open-sourced.
Chromium sandbox
See here for the introduction of the Chromium Sandbox. In short, this sandbox is for running renderers, which are exposed to untrusted data and can be compromised.
Advantages
Should be easy enough to use.
Safe
Disadvantages
There is no documentation for this sandbox. Since memory limits and time limits are not implemented, we will have to configure the call to Windows Job Objects.
HCS/Moby
See HCSShim and Moby for details. In short, we are basically firing up Docker Containers for every test.
Advantages
Safe
Behaviour similar to isolate: the Host Compute Service (HCS) was created with the intention to imitate Linux's cgroups and other access-limit services, which is how isolate functions.
Has half-decent docs: The docs generated on pkg.go.dev are sufficient to understand the inner workings of the code.
Disadvantages
Big code size: I haven't looked into the actual size of the executable, but I imagine it wouldn't be very lightweight.