Suppressing system calls when using gcc/g++

Tags: linux, gcc, g++

I have a portal in my university LAN where people can upload code to programming puzzles in C/C++. I would like to make the portal secure so that people cannot make system calls via their submitted code. There might be several workarounds but I'd like to know if I could do it simply by setting some clever gcc flags. libc by default seems to include <unistd.h>, which appears to be the basic file where system calls are declared. Is there a way I could tell gcc/g++ to 'ignore' this file at compile time so that none of the functions declared in unistd.h can be accessed?

kyun asked Mar 03 '11 20:03

1 Answer

Some particular reason why chroot("/var/jail/empty"); setuid(65534); isn't good enough (assuming 65534 has sensible limits)?

Joshua answered Oct 14 '22 08:10
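
The chroot-then-setuid approach from the answer above, as an added example that is not part of the original answer: a launcher that opens the compiled submission before entering the empty jail, drops to uid/gid 65534, and refuses to run the submission if any step fails. It assumes the launcher starts as root on Linux (where fexecve uses execveat(2)) and that the submission is statically linked; the function names and the resource limits are hypothetical choices.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

static int limit(int res, rlim_t v)
{
    struct rlimit r = { v, v };
    return setrlimit(res, &r);
}

/* Child only. chroot() needs root, so it precedes the uid drop; every
 * return value is checked so a failed step can never be ignored. */
static int confine(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (limit(RLIMIT_CPU, 2) || limit(RLIMIT_AS, 64UL << 20) ||
        limit(RLIMIT_NPROC, 16)) return -1;  /* constructed limits */
    if (setgroups(0, NULL) != 0) return -1;  /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;          /* root must stay unreachable */
}

/* Returns the submission's exit status, 126 if confinement or exec failed
 * (the submission never ran), 128+signal if killed, -1 on setup error. */
int run_confined(const char *binary, const char *jail, uid_t uid, gid_t gid)
{
    char *const argv[] = { "submission", NULL };
    char *const envp[] = { NULL };
    int status, fd = open(binary, O_RDONLY | O_CLOEXEC); /* before chroot */
    if (fd < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        if (confine(jail, uid, gid) == 0)
            fexecve(fd, argv, envp);         /* jail itself stays empty */
        _exit(126);                          /* fail closed */
    }
    close(fd);
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <static-binary>\n", argv[0]); return 2; }
    return run_confined(argv[1], "/var/jail/empty", 65534, 65534) == 0 ? 0 : 1;
}
```

This confines filesystem access, privileges and resource use, but it filters no system calls: the confined process can still, for example, create network sockets.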