-----------------------------------

Panphobia

Thu Jun 11, 2015 6:01 pm


Creating Online Judge from scratch

-----------------------------------

I am starting a programming contest at my university and I have been writing an online judge for it recently. It came to my attention that I need to sandbox the programs that I am writing so that they don't do damage to the server. So I know that ulimit can limit the amount of memory and cpu time a process has, but how would I limit other things like, preventing them from doing something like system("rm -rf ~")?


-----------------------------------

Tony

Tue Jun 16, 2015 6:14 pm


RE:Creating Online Judge from scratch

-----------------------------------

Don't forget network access.

As for system calls... you basically don't. Run untrusted code in an isolated environment (e.g. via https://en.wikipedia.org/wiki/Docker_(software) ) and let them trash their own space.


-----------------------------------

Panphobia

Wed Jun 17, 2015 10:41 pm


RE:Creating Online Judge from scratch

-----------------------------------

What about the sandboxing programs you find on the internet like libsandbox and EasySandBox(https://github.com/daveho/EasySandbox). They block system calls, don't allow internet access (at least not with curl) etc. I am only looking to have support for Java/C/C++ since this is an ACM styled contest.


-----------------------------------

Tony

Thu Jun 18, 2015 12:08 pm


RE:Creating Online Judge from scratch

-----------------------------------

That might work for your purposes. I'm not familiar with that project though.