On-line judgment kernel module
earthman
earthman at inbox.ru
Wed Oct 8 21:47:37 PDT 2003
I want to create an on-line judge for ACM-like
olympiads. So I have to execute some code
that comes in as source from outside (www).
Thus the security problem is my main problem.
The idea is to deny all syscalls for a specific
process p. This is possible even without rewriting
the kernel, by using a kernel module.
Now I'm thinking about how to do this.
Possibly it would be easy to point p->sv_sysent
to a structure that points sv_prepsyscall
to some function that denies some system calls
(kill the process, make some record in the module
about the restricted call).
But I don't understand how to cancel the syscall
from within that function. Maybe it's possible
to change the code parameter to something else.
--
Best regards,
earthman mailto:earthman at inbox.ru
icq: 145680330
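
The idea in the message above, as a userspace model added here as an example (it is not code from the original post and not FreeBSD kernel code): a per-process syscall vector whose pre-dispatch hook checks an allowlist and rewrites the syscall code so the dispatcher refuses the call. Every struct, field and function name is a hypothetical stand-in, and the assumption that the dispatcher rejects an out-of-range code belongs to this model only.

```c
#include <errno.h>
#include <stddef.h>
/* Userspace model only: every name here is a hypothetical stand-in. */
#define NSYS 8              /* size of the constructed syscall table */
#define SYS_DENIED NSYS     /* out-of-range code meaning "refused" */

struct proc;
struct sysvec {             /* models a per-process syscall vector */
    int (*table[NSYS])(struct proc *);
    void (*prepsyscall)(struct proc *, unsigned *code); /* pre-dispatch hook */
};
struct proc {
    const struct sysvec *sysent; /* vector the dispatcher consults */
    unsigned long allow;         /* bit n set => syscall n permitted */
    unsigned last_denied;        /* first refused code, for the audit log */
    int killed;                  /* set once the judge must stop the process */
};

static int sys_ok(struct proc *p) { (void)p; return 0; }
/* Hook: allowed codes pass through; anything else becomes SYS_DENIED. */
static void judge_prepsyscall(struct proc *p, unsigned *code)
{
    if (!p->killed && *code < NSYS && ((p->allow >> *code) & 1UL))
        return;
    if (!p->killed)
        p->last_denied = *code;  /* record only the first violation */
    p->killed = 1;
    *code = SYS_DENIED;
}

static const struct sysvec judge_sysvec = {
    .table = { sys_ok, sys_ok, sys_ok, sys_ok, sys_ok, sys_ok, sys_ok, sys_ok },
    .prepsyscall = judge_prepsyscall,
};

/* Dispatcher: the handler is looked up only after the hook has run. */
int dispatch(struct proc *p, unsigned code)
{
    if (p->sysent->prepsyscall != NULL)
        p->sysent->prepsyscall(p, &code);
    if (code >= NSYS)
        return ENOSYS;           /* refused: no handler is called */
    return p->sysent->table[code](p);
}

/* Attach the restricted vector to one process; other fields start at zero. */
void judge_attach(struct proc *p, unsigned long allow)
{
    *p = (struct proc){ .sysent = &judge_sysvec, .allow = allow };
}
```

Once a process has been flagged, the hook refuses every later call as well, so a single violation cannot be followed by an allowed call that does damage before the process is stopped.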
More information about the freebsd-hackers mailing list