What harm can a C/asm program do to Linux when run by an unprivileged user?

I have been thinking about a scenario where one lets users (can be anyone, possibly with bad intentions) submit code which is run on a Linux PC (let's call it the benchmark node). The goal is to make a kind of automated benchmarking environment for single-threaded routines. Let's say that a website posts some code to a proxy. This proxy hands this code to the benchmark node, and the benchmark node only has an ethernet connection to the proxy, not internet itself.

If one lets whatever user post C/asm code to be run on the benchmark node, what security challenges will one face? The following assumptions are made:

  • The program is run as an unprivileged user
  • The proxy will have the opportunity to kill the process on the benchmark node (take the scenario of an infinite loop for instance)
  • The proxy is able to restart the benchmark node (if it replies...)

So, is it in practice possible that this user space program can make the OS crash, or make the machine unavailable to the proxy? With assembly the programmer can do basically whatever he wants (manipulate stack pointer for instance), and I wonder how restrictive/robust Linux is in this respect. I also know about the possibility for processes to request shared memory regions with other processes (shm), which might also play a role here?

Any literature or articles about this subject are very welcome.

Sandbox solutions might also be interesting, but it's important that the CPU must perform 100% of what it is capable of during the benchmark (at least on the core the benchmark is run).

Yngve Sneen Lindal asked Feb 29 '12 21:02
1 Answer

Just a quick list off the top of my head. Essentially, if you do not trust the users at least a little, you are in deep trouble:

  • Filesystem manipulation: delete or overwrite files belonging to the user the process is run as
  • Snooping all sorts of data found on the system (files, sometimes network traffic of same user)
  • Killing the user's other processes
  • Consuming memory until OOM Killer starts killing random processes or (if you have swap enabled) until the machine slows down to a crawl
  • Generating lots of I/O to slow down the system
  • Executing exploits at will (you are close to certain to have some unpatched privilege escalation vulnerability somewhere)
  • Exploiting vulnerabilities in any software the user is able to run
  • Hosting a DDoS network or child pornography file server on your machine
  • Using your machine as a proxy for starting attacks against CIA and FBI servers
  • The sky is the limit...

Doesn't sound like a good idea.

Michał Kosmulski answered Sep 23 '22 19:09
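Added example, not from either post above: a small POSIX sh wrapper for the benchmark node that blunts the resource-exhaustion items in the answer (memory until OOM, disk-filling I/O, fork storms, runaway CPU time) with rlimits and a wall-clock kill, without throttling the core the benchmark runs on. Limit values, variable names and the `run_benchmark` function are assumptions; it does nothing about the other items, which need a dedicated throwaway account and a node that is reimaged between runs.

```shell
#!/bin/sh
# Wrapper for one untrusted submission on the benchmark node (assumed design).
# Resource limits only; run it under a dedicated account that owns nothing
# else so the "user's other files/processes" items have nothing to hit.

BENCH_MEM_KB=${BENCH_MEM_KB:-524288}   # ulimit -v: 512 MiB address space (assumed)
BENCH_FILE_KB=${BENCH_FILE_KB:-65536}  # ulimit -f: cap on any output file (assumed)
BENCH_PROCS=${BENCH_PROCS:-256}        # ulimit -u: caps fork bombs for this account

# run_benchmark SECONDS COMMAND [ARGS...]
# Runs COMMAND in a throw-away directory under the limits above and stops it
# SECONDS after start (TERM, then KILL two seconds later).
# Returns the command's status, 124 or 137 on timeout, 2 on bad arguments.
run_benchmark() {
    bench_secs=$1
    case $bench_secs in
        ''|*[!0-9]*|0) return 2 ;;       # must be a positive integer
    esac
    shift
    bench_dir=$(mktemp -d) || return 1
    bench_rc=0
    (
        cd "$bench_dir" || exit 1
        umask 077
        ulimit -c 0                      # no core dumps from crashing submissions
        ulimit -v "$BENCH_MEM_KB"        # address space, so malloc fails before the OOM killer
        ulimit -f "$BENCH_FILE_KB"       # 1024-byte blocks in bash, 512 in dash
        ulimit -u "$BENCH_PROCS"         # process count for this account
        ulimit -t "$((bench_secs + 5))"  # CPU-time backstop if the wall clock is dodged
        # Deliberately no nice/cpulimit: the core stays fully available.
        exec timeout -k 2 "$bench_secs" "$@"
    ) || bench_rc=$?
    rm -rf "$bench_dir"
    return "$bench_rc"
}

# Stand-alone use: ./bench.sh 30 ./submitted_binary
if [ "$#" -gt 0 ]; then
    run_benchmark "$@"
fi
```

Pin the submission to one core with the scheduler tooling of your choice if the node also runs the proxy-facing agent; rlimits do not isolate CPU time between cores.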