On-line judgment kernel module
David Gilbert
dgilbert at dclg.ca
Thu Oct 16 18:39:30 PDT 2003
>>>>> "earthman" == earthman <earthman at inbox.ru> writes:
earthman> I want to create an on-line judge for ACM-like olympiads. So I
earthman> have to execute some code that came as source from
earthman> outside (www). Thus the security problem is my main problem.
earthman> The idea is to deny all syscalls for a specific process
earthman> p. This is possible even without rewriting the kernel, by a kernel
earthman> module.
earthman> Now I'm thinking how to do this. Possibly it would be easy
earthman> to point p->sv_sysent to a structure that points
earthman> sv_prepsyscall to some function that denies some system
earthman> calls (kill the process, make some record in the module about
earthman> the restricted call). But I don't understand how to cancel
earthman> the syscall from within that function. Maybe it's possible to change
earthman> the code parameter to something else.
I don't know how secure this would be from random binary attacks, but
I'd be very tempted to run the tests inside a vmware or bochs instance
launched by a script. If I were making the decisions, I'd lean towards
the bochs emulator ... as it's a complete virtual environment rather
than vmware's magic mojo.
As you conjecture, a syscall-less or syscall-restricted environment
*should* be safe ... if your syscall changes are bulletproof *_and_*
the rest of the runtime environment is bulletproof.
Isn't a syscall required to finish off exit()?
I would expect that bochs is scriptable.
Dave.
--
============================================================================
|David Gilbert, Independent Contractor. | Two things can only be |
|Mail: dave at daveg.ca | equal if and only if they |
|http://daveg.ca | are precisely opposite. |
=========================================================GLO================
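As an added illustration, not code from either poster and not a FreeBSD kernel module: a small userland model in C of the dispatch order the question turns on, with a pre-syscall hook that vetoes a call before the table entry is reached and an allowlist that keeps exit() reachable, the point raised in the reply. Every name here (`do_syscall`, `sandbox_proc`, the table contents) is an assumption of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed userland model, not FreeBSD kernel code: a pre-syscall hook vetoes calls before dispatch. */
#define SYS_exit 1
#define SYS_read 2
#define SYS_write 3
#define SYS_MAX 4
struct proc;
typedef int (*sy_call_t)(struct proc *, long *args);
struct sysent { int sy_narg; sy_call_t sy_call; };
typedef int (*prepsyscall_t)(struct proc *, int code); /* 0 = proceed, errno = cancel */
struct sysentvec { int sv_size; const struct sysent *sv_table; prepsyscall_t sv_prepsyscall; };
struct proc {
    const struct sysentvec *p_sysent;
    uint32_t allowed_mask;          /* bit n set: syscall n permitted for this process */
    bool killed; int denied_calls, last_denied;  /* the "record in the module" from the thread */
};
static int sys_exit(struct proc *p, long *a) { (void)a; p->killed = true; return 0; }
static int sys_stub(struct proc *p, long *a) { (void)p; (void)a; return 0; } /* stands in for real I/O */
static int nosys(struct proc *p, long *a) { (void)p; (void)a; return ENOSYS; }
static const struct sysent table[SYS_MAX] = {
    [0] = {0, nosys}, [SYS_exit] = {1, sys_exit},
    [SYS_read] = {3, sys_stub}, [SYS_write] = {3, sys_stub},
};
/* Hook of the restricted vector: an off-list call is recorded and the process
 * is terminated, which is what the original poster proposes. */
static int restricted_prep(struct proc *p, int code) {
    if (p->allowed_mask & (1u << code)) return 0;
    p->denied_calls++; p->last_denied = code; p->killed = true;
    return EPERM;
}
static const struct sysentvec restricted_vec = { SYS_MAX, table, restricted_prep };
/* Dispatcher: the hook runs before the table entry is reached, so a nonzero
 * return cancels the call outright; the code number never has to be rewritten. */
int do_syscall(struct proc *p, int code, long *args) {
    if (p->killed) return ESRCH;
    if (code < 0 || code >= p->p_sysent->sv_size) return nosys(p, args);
    int err = p->p_sysent->sv_prepsyscall ? p->p_sysent->sv_prepsyscall(p, code) : 0;
    if (err) return err;
    return p->p_sysent->sv_table[code].sy_call(p, args);
}
/* Judged process: only exit stays allowed, the one call still needed to finish. */
void sandbox_proc(struct proc *p) {
    memset(p, 0, sizeof *p);
    p->p_sysent = &restricted_vec;
    p->allowed_mask = 1u << SYS_exit;
}
```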