Computer Science Canada Creating Online Judge from scratch |
| Author: | Panphobia [ Thu Jun 11, 2015 6:01 pm ] |
| Post subject: | Creating Online Judge from scratch |
I am starting a programming contest at my university and I have been writing an online judge for it recently. It came to my attention that I need to sandbox the programs that I am writing so that they don't do damage to the server. So I know that ulimit can limit the amount of memory and cpu time a process has, but how would I limit other things like, preventing them from doing something like system("rm -rf ~")? |
|
| Author: | Tony [ Tue Jun 16, 2015 6:14 pm ] |
| Post subject: | RE:Creating Online Judge from scratch |
Don't forget network access. As for system calls... you basically don't. Run untrusted code in an isolated environment (e.g. via https://en.wikipedia.org/wiki/Docker_(software) ) and let them trash their own space. |
|
| Author: | Panphobia [ Wed Jun 17, 2015 10:41 pm ] |
| Post subject: | RE:Creating Online Judge from scratch |
What about the sandboxing programs you find on the internet like libsandbox and EasySandBox(https://github.com/daveho/EasySandbox). They block system calls, don't allow internet access (at least not with curl) etc. I am only looking to have support for Java/C/C++ since this is an ACM styled contest. |
|
| Author: | Tony [ Thu Jun 18, 2015 12:08 pm ] |
| Post subject: | RE:Creating Online Judge from scratch |
That might work for your purposes. I'm not familiar with that project though. |
|