C++: Can function pointers be traced back to the original function before compilation without looking at the function name?

Question

I want to set up a server on which students can upload and run code for a course. However, I don't want them to access various functions, like system(), which could allow bad access to my server. I can search the pre-processor output for an explicit function call, but if the user makes a function pointer like this:

int (*syst)(const char*) = system;
syst("rm *");

I'm still open to the threat. However, I can't just search for the string "system", for example, since it's otherwise a valid name - if the student didn't include cstdlib, they could use that name as a variable name. Since this is a beginning programming course, having a blacklist of variable names ten miles long is a bad idea.

Is there a way to define the functions other than by name and allow me to search for that other designation before compiling their code?

Answer 1

By far the easiest solution is to compile the code - that's pretty harmless - and then look at the actual library imports. Users may have defined their own system, but that wouldn't cause system to be imported from glibc.

Showing imported symbols

The main reason you can't look at the raw source code is because #define allows malicious users to hide the blacklisted symbol names. But there are plenty of other possibilities to do that, including

auto hidden = &sys\
tem;

So you need some processing of the source, and it's probably easiest just to fully process the whole source.

Answer 2

I would also suggest running this inside a chroot as a non-privileged user. It's lighter weight than a VM.

Alas, it's not possible (easily) to get a functions name from a pointer How to get function's name from function's pointer in C? That question is from a C perspective, but it's the same problem, essentially.