Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Disable system() and exec() function in C and Pascal

Tags:

c++

c

system-calls

pascal

Is there any way to disable system() and exec() function in C/C++ and Pascal, by using any compiler argument or modifying header/unit file? (It's a Windows)

I've tried using -Dsystem=NONEXIST for gcc and g++ but #include <cstdio> causes compile error.

EDIT: Of course I know they can use #undef system to bypass the defense, so I've tried to comment out the system function line in stdlib.h, but that doesn't work too.

EDIT2 (comment): It's a system, to which users submit their programs and the server compile and run it with different input data, then compare the program output with pre-calculated standard output to see if the program is correct. Now some users send code like system("shutdown -s -t 0"); to shutdown the server.

The server is running Windows system so I don't have any chroot environment. Also the server application is closed-source so I can do nothing to control how the program submitted by user is executed. What I can do is to modify the compiler commandline argument and modify header files.

like image 241
hexchain Avatar asked Jan 19 '23 09:01

hexchain

1 Answers

Well, you could try:

#define system DontEvenThinkAboutUsingThisFunction
#define exec   OrThisOneYouClown

in a header file but I'm pretty certain any code monkey worth their salt could bypass such a "protection".

I'd be interested in understanding why you thought this was necessary (there may be a better solution if we understood the problem better).

The only thing that comes to mind is that you want to provide some online compiler/runner akin to the Euler project. If that was the case, then you could search the code for the string system<whitespace>( as an option but, even then, a determined party could just:

#define InoccuousFunction system

to get around your defenses.

If that is the case, you might want to think about using something like chroot so that no-one can even get access to any dangerous binaries like shutdown (and that particular beast shouldn't really be runnable by a regular user anyway) - in other words, restrict their environment so that the only things they can even see are gcc and its kin.

You need to do proper sandboxing since, even if you somehow prevented them from running external programs, they may still be able to do dangerous things like overwite files or open up socket connections to their own box to send through the contents of your precious information.

like image 112
paxdiablo Avatar answered Jan 27 '23 19:01

paxdiablo
Sign in to Comment

Related questions

Vector2 class in C++
Boost.Assign: using objects with map_list_of?
Is there any way to get a direct pointer to a Java array via JNI?
Optimal way to fill std::vector<char> buffer
How to simulate virtuality for method template
Null is type object, so it's truthy? What's going on behind the scenes?
Curly Bracket Initialization in C++ and Java
Should I explicitly zero initialize auto_ptr?
TBB concurrent_vector with openmp
performance test between two directions of a 2D array
calling QMetaObject::invokeMethod() with variable amount of parameters
boost::scoped_lock not working with local static variable?
Is ISO/IEC 14882:2011 the final draft?
Multiple instances of a class with constant variables use same memory for constants?
Which type in c++ can store 2^63?
Multiple postfix increment operator in an expression[C++] [duplicate]
Why does Stroustrup's book demonstrate default function template arguments, which weren't allowed at the time?
intel pin RTN_InsertCall multiple function arguments
Write function not using the seekp value
Why change warning level of a specific warning in C++?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!