project-lemon
Sandbox for unsafe program?
What steps will reproduce the problem?
1. put something dangerous/illegal into source code, e.g.:
     system("rm -rf /")
     search for standard output file under home directory
     attach and debug lemon
     modify other users' programs
     kill you
2. use lemon to judge it
3. all hell breaks loose
What is the expected output? What do you see instead?
this defect makes lemon unusable for serious competitions.
What version of the product are you using? On what operating system?
maybe all
Please provide any additional information below.
several good solutions do exist.
Haoqiang FAN gave a talk at BJWC2013 and posted some odp:
http://fanhq666.blog.163.com/blog/static/8194342620131510211721/
his solution involves ptrace and setrlimit, which is good for *nix, but makes
life hard under Micro$oft Windows.
he is willing to participate in this project.
if you are interested, mailto fanhqme[[at]]126.com/fanhqme[[at]]gmail.com (make
sure you use Chinese whenever possible)
Original issue reported on code.google.com by [email protected]
on 10 Feb 2013 at 1:49
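Added example, not part of the original issue and not Lemon's or Haoqiang FAN's code: a minimal C sketch of the setrlimit half of the approach mentioned in the issue, for a POSIX system. The names run_limited, limit and the verdict values are hypothetical, and treating exit code 127 as a judge-side failure is an assumption of this sketch; it bounds CPU time, memory and output size only and does not restrict system calls or file access, which is the part the issue assigns to ptrace.

```c
#include <signal.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum verdict { V_OK, V_RUNTIME_ERROR, V_TIME_LIMIT, V_KILLED, V_JUDGE_ERROR };

/* Set one resource limit, never asking for more than the inherited hard limit. */
static int limit(int resource, rlim_t soft, rlim_t hard) {
    struct rlimit cur, rl;
    if (getrlimit(resource, &cur) != 0) return -1;
    rl.rlim_max = hard < cur.rlim_max ? hard : cur.rlim_max;
    rl.rlim_cur = soft < rl.rlim_max ? soft : rl.rlim_max;
    return setrlimit(resource, &rl);
}

/* Run argv under CPU, address-space and file-size limits; classify how it ended. */
enum verdict run_limited(char *const argv[], rlim_t cpu_s, rlim_t mem_bytes,
                         rlim_t out_bytes) {
    pid_t pid = fork();
    if (pid < 0) return V_JUDGE_ERROR;
    if (pid == 0) {
        /* Child: limits survive execve(), so set them before exec.
           The soft CPU limit raises SIGXCPU; the hard limit one second
           later raises SIGKILL if the program ignores SIGXCPU. */
        if (limit(RLIMIT_CPU, cpu_s, cpu_s + 1) ||
            limit(RLIMIT_AS, mem_bytes, mem_bytes) ||
            limit(RLIMIT_FSIZE, out_bytes, out_bytes) ||
            limit(RLIMIT_CORE, 0, 0))
            _exit(127);
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return V_JUDGE_ERROR;
    if (WIFEXITED(status)) {
        int code = WEXITSTATUS(status);
        if (code == 127) return V_JUDGE_ERROR;   /* assumption: 127 = setup failure */
        return code == 0 ? V_OK : V_RUNTIME_ERROR;
    }
    if (WIFSIGNALED(status)) {
        /* SIGXCPU or SIGKILL is what the CPU limit delivers; others are crashes. */
        int sig = WTERMSIG(status);
        return (sig == SIGXCPU || sig == SIGKILL) ? V_TIME_LIMIT : V_KILLED;
    }
    return V_JUDGE_ERROR;
}
```

RLIMIT_CPU counts CPU time only, so a program that sleeps or blocks on input also needs a wall-clock timeout enforced by the parent.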
Actually, Lemon does not have any sandbox under either Linux or Windows.
I have learnt something about how to control a process's privileges under Linux or
Windows. I think both are a little hard for me, especially Windows (too many
Windows APIs).
My original purpose was just to provide an alternative easy-to-use judge platform
under Linux for self-testing, not for formal contests. So I haven't done much
about controlling contestants' programs.
Another purpose is just to study writing GUI applications for myself.
Original comment by [email protected]
on 21 Feb 2013 at 5:28
Thanks for the timely response.
An easy-to-use and reliable judge platform is becoming a pressing need for OIers
who live in the *nix world. Lemon serves as a good starting point, and will surely
have successors.
Controlling process privilege is not too hard (see those OJs!), but requires
quite some time for cross-platform experience. It should be a long-term goal
for lemon.
So this issue should be marked as closed.
Original comment by [email protected]
on 21 Feb 2013 at 10:55
Recently I've been developing an Online Judge website using Ruby on Rails. So I think
I need to learn something about privilege control.
In Linux I learnt that I can use ptrace to control privilege. In Windows I
found the sandbox source code of Chromium; I'll try to combine it with Lemon in
the future.
Original comment by [email protected]
on 22 Feb 2013 at 3:48
That will be great.
On Windows, the debug API may be helpful. Another workaround is to talk
interactively with gdb, setting breakpoints on all dangerous functions.
However, I guess Python is going to make the story a little longer.
Original comment by [email protected]
on 23 Feb 2013 at 1:00