How to protect an online judge from malicious code?

At Ideone, a user uploads code to run on a remote server. This is similar to the function of an online judge.

The problem is that users can download code that tries to "crack" the system. I understand that in C and C++ it is easy to disable a specific set of system calls (patch some.dll), but I'm not sure about other languages.

How would you protect your system if you supported high-level languages (Erlang, Haskell) in online judges?

+7
security
2 answers

Running in the sandbox as an unprivileged user. This is not entirely flawless, but it makes the bar for causing lasting damage or serious compromise very high. It also does not depend on possible variants or modifications of the language runtime. If you are dealing with a fully compiled language (that is, without a runtime interpreter), you can also do this.

For example, take Erlang. Configure a chroot jail that contains only what you need to run Erlang. Add an unprivileged user account and home directory. Bring the code to run, check all rights to the file/directory, change to the non-privileged UID and run the code.

For more detailed instructions on setting up a prison, see the Wikipedia article mentioned above. The procedures and requirements are slightly different for different operating systems.

+2
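The steps in the answer above (check permissions in the jail, chroot, change to the unprivileged UID, run the code), as an added example that is not part of the original answer. The function names, the `home/judge` path, the environment and the timeout are assumptions made for illustration.

```python
import os
import stat
import subprocess

def audit_jail(root, sandbox_uid, home="home/judge"):
    """List (relative path, problem) for jail entries the sandboxed user could abuse."""
    problems = []
    home_abs = os.path.join(root, home)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow links out of the jail
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            in_home = path == home_abs or path.startswith(home_abs + os.sep)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                problems.append((rel, "setuid/setgid"))
            if not in_home and st.st_mode & stat.S_IWOTH:
                problems.append((rel, "world-writable"))
            if not in_home and st.st_uid == sandbox_uid:
                problems.append((rel, "owned by sandbox user"))
    return sorted(problems)

def enter_jail(root, uid, gid):
    """Runs in the child, still as root, just before exec."""
    os.chroot(root)
    os.chdir("/")        # a cwd left outside the jail is an escape route
    os.setgroups([])     # drop root's supplementary groups
    os.setgid(gid)       # group before user: after setuid this would fail
    os.setuid(uid)       # real, effective and saved UID all change; no way back

def run_submission(root, argv, uid, gid, timeout=10):
    """Audit the jail, then run argv (a path inside the jail) as uid:gid."""
    problems = audit_jail(root, uid)
    if problems:
        raise RuntimeError(f"refusing to run, jail not clean: {problems}")
    return subprocess.run(
        argv, preexec_fn=lambda: enter_jail(root, uid, gid),
        env={"PATH": "/bin:/usr/bin", "HOME": "/home/judge"},  # assumed minimal env
        capture_output=True, timeout=timeout, close_fds=True)
```

`run_submission` has to be started as root, because `chroot` requires it; `audit_jail` can be run by any user that can read the jail tree.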