I am involved in making an online programming judge supporting C/C++, like SPOJ, UVA etc., on a Linux machine (Ubuntu). The code itself is in C++. I have to protect the server from malicious code.
I plan to implement security in 2 steps.
1. By jailing (sandboxing) the executing code with the chroot system call in a folder with a restricted environment. I came across a utility, Jailkit, but I think the system call alone will suffice for my work as I don't have to jail the users, only the executing code. For creating a runtime environment in the folder I copied the following files, along with the files for creating a restricted shell (only shell builtins are allowed):
$ ldd ./a.out
linux-gate.so.1 => (0x00f4c000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x007a5000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0x00b80000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00e0c000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x00110000)
/lib/ld-linux.so.2 (0x00f7c000)
where a.out is an executable C++ file.
Problems encountered:
i) I have tried a few programs, which run fine in the jail. But can anybody confirm that these files will be sufficient for all algorithm-intensive code, i.e. that there is no need to handle any system call explicitly?
ii) It would be great if anybody could suggest a method to restrict some system calls, such as fork(), socket() etc., which are not expected in a submission, by restricting the runtime libraries supplied to the jail folder.
iii) Just for the sake of knowing, I have also copied the files shown by ldd /usr/bin/gcc, and /usr/bin/gcc itself. But I am unable to use gcc in the jail; it fails with the error:
bash-4.1# /usr/bin/gcc try.c
gcc: error trying to exec 'cc1': execvp: No such file or directory
How can I fix it?
2. By tracing the system calls with the help of ptrace and killing the running code if it uses some suspicious system calls. Now the problem is: which system calls should be banned? What I feel is that restricting fork(), vfork() and execve() will do the job, because there is a time limit (hardly > 10 sec) for each program to execute. After that it will be killed automatically, and there is no other way to create another process except fork() and vfork(). But since my thoughts are bounded by my imagination, it would be great if anybody has other opinions to bend things here.
So basically I am worried about points i) and ii) in "Problems encountered", and whether somebody can think of a way to hack past the restrictions described in the 2nd point.
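The supervisor described in step 2, as an added example that is not code from the original post: it forks, and in the child applies the CPU-time limit, optionally chroot()s into the jail directory built from the ldd output, drops to an unprivileged uid/gid, asks to be traced and execs the submission; the parent stops the child at every system-call entry with PTRACE_SYSCALL, reads the syscall number from the registers and SIGKILLs the child on a banned one. The jail path, uid/gid, limit values and the banned list are assumptions chosen for the example; it is Linux-only and knows the syscall-number register for x86-64, i386 and aarch64.

```c
/* Added example (not from the original post): a minimal ptrace supervisor for
 * judging untrusted C/C++ submissions. Jail path, uid/gid and limits are
 * caller-supplied assumptions; the banned list is the one discussed above
 * (process creation, exec, networking) plus ptrace so the tracee cannot trace. */
#define _GNU_SOURCE
#include <elf.h>
#include <grp.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

enum verdict { V_OK, V_NONZERO_EXIT, V_BANNED_SYSCALL, V_SIGNALLED, V_INTERNAL };

struct sandbox_cfg {
    const char *jail;     /* chroot directory, or NULL to skip (chroot needs root) */
    uid_t uid; gid_t gid; /* unprivileged identity; 0 keeps the caller's */
    unsigned cpu_seconds; /* RLIMIT_CPU, soft == hard so the kernel SIGKILLs on expiry */
    long banned_nr;       /* output: the syscall that triggered V_BANNED_SYSCALL */
};

/* Guarded per architecture: aarch64 has no fork/vfork (only clone), and on i386
 * (the asker's /lib/tls/i686 system) socket() is multiplexed through socketcall. */
static const long banned[] = {
#ifdef SYS_fork
    SYS_fork,
#endif
#ifdef SYS_vfork
    SYS_vfork,
#endif
#ifdef SYS_clone3
    SYS_clone3,
#endif
#ifdef SYS_socket
    SYS_socket,
#endif
#ifdef SYS_socketcall
    SYS_socketcall,
#endif
#ifdef SYS_execveat
    SYS_execveat,
#endif
    SYS_clone, SYS_execve, SYS_ptrace,
};

int is_banned(long nr) {
    for (size_t i = 0; i < sizeof banned / sizeof banned[0]; i++)
        if (banned[i] == nr) return 1;
    return 0;
}

/* Syscall number of a tracee stopped at syscall entry (register is per-arch). */
static long syscall_nr(pid_t pid) {
    struct user_regs_struct regs;
#if defined(__x86_64__) || defined(__i386__)
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) return -1;
#if defined(__x86_64__)
    return (long)regs.orig_rax;
#else
    return (long)regs.orig_eax;
#endif
#elif defined(__aarch64__)
    struct iovec iov = { &regs, sizeof regs };
    if (ptrace(PTRACE_GETREGSET, pid, (void *)NT_PRSTATUS, &iov) == -1) return -1;
    return (long)regs.regs[8];               /* x8 carries the syscall number */
#else
#error "add the syscall-number register for this architecture"
#endif
}

enum verdict run_traced(const char *path, char *const argv[], struct sandbox_cfg *cfg) {
    pid_t pid = fork();
    if (pid < 0) return V_INTERNAL;
    if (pid == 0) {
        struct rlimit rl = { cfg->cpu_seconds, cfg->cpu_seconds };
        if (setrlimit(RLIMIT_CPU, &rl) != 0) _exit(127);
        if (cfg->jail && (chroot(cfg->jail) != 0 || chdir("/") != 0)) _exit(127);
        if (cfg->gid && (setgroups(0, NULL) != 0 || setgid(cfg->gid) != 0)) _exit(127);
        if (cfg->uid && setuid(cfg->uid) != 0) _exit(127);
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0) _exit(127);
        execv(path, argv);
        _exit(127);                          /* exec failed: reported as V_INTERNAL */
    }
    int status, sig = 0, entering = 0;
    /* First stop is the SIGTRAP delivered right after a successful execve; the
     * submission's own syscalls come after it, so execve itself can stay banned. */
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return V_INTERNAL;
    ptrace(PTRACE_SETOPTIONS, pid, NULL,
           (void *)(long)(PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL)); /* Linux >= 3.8 */
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) != 0) return V_INTERNAL;
        sig = 0;
        if (waitpid(pid, &status, 0) < 0) return V_INTERNAL;
        if (WIFEXITED(status)) return WEXITSTATUS(status) == 0 ? V_OK : V_NONZERO_EXIT;
        if (WIFSIGNALED(status)) return V_SIGNALLED;   /* SIGKILL from RLIMIT_CPU, SIGSEGV... */
        if (!WIFSTOPPED(status)) continue;
        if (WSTOPSIG(status) == (SIGTRAP | 0x80)) {    /* syscall stop (TRACESYSGOOD) */
            entering = !entering;                      /* stops alternate entry/exit */
            long nr = syscall_nr(pid);
            if (entering && is_banned(nr)) {
                cfg->banned_nr = nr;
                kill(pid, SIGKILL);
                waitpid(pid, &status, 0);
                return V_BANNED_SYSCALL;
            }
        } else if (WSTOPSIG(status) != SIGTRAP) {
            sig = WSTOPSIG(status);   /* re-deliver real signals (SIGXCPU, SIGSEGV) to the child */
        }
    }
}

/* Convenience wrapper: no chroot, no uid change, 10 s CPU limit. */
enum verdict judge_simple(const char *path) {
    char *const argv[] = { (char *)path, NULL };
    struct sandbox_cfg cfg = { NULL, 0, 0, 10, -1 };
    return run_traced(path, argv, &cfg);
}
```

Two caveats a practitioner would want: the check is on the syscall number only, so file access inside the jail is still governed by the chroot and by the uid the child drops to (the same uid an iptables owner match can key on); and a tracer-based filter is only sound because clone is banned, since a second thread could otherwise change arguments between the entry stop and the real call. On kernels that support it, seccomp-bpf lets the kernel enforce the same whitelist without a tracer, which is the usual modern replacement for this ptrace loop.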
The single biggest security risk of running something like this is the possibility of making outgoing network connections on port 25. Someone will find your service, make thousands of dollars spamming, and you'll get banned by your host. Plus you'll make everyone else on your hosting provider/ISP hate you for getting the whole IP block blacklisted in every overzealous anti-spam baron's database.
Fortunately iptables can block locally originating packets based on the uid of the process that created them. This is probably the least obtrusive way to protect yourself against becoming an aid to spammers, but you might just use a more restrictive firewall if the box doesn't need to make legitimate outgoing connections.
Also note that, these days, outgoing HTTP and HTTPS connections might be just as useful for spamming (message boards, compromised Twitter and FB accounts, etc.) as SMTP, so you might really want to do some heavier blocking or just block network access entirely.
You may want to look at this project, an online-judge-oriented sandbox library: http://sourceforge.net/projects/libsandbox/