LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 01-16-2009, 03:58 PM   #1
spiriad
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Rep: Reputation: 0
Question Permissions ( to avoid unwanted things )


I want to make an automated system to compile & run the source codes from different persons and to tell if the output is the same with the standard one(wich is given by me). Ok, this is quite simple, but the tricky part is,how do I avoid the "bad intentions" that may result from running those compiled sources.(Eg.: a program that should return the sum of two numbers, is designed to halt the sysyem ).Generaly speaking, how do I prevent those programms do things like: network accesing, creating to many child processes (causing a DOS), generating to much output (thus the system remains out of space), using to much memory, calling system functions, etc. How to protect my system from this kind of (posible) abuses ? (I mention that the sources submitted are , for now, c++ sources, but should work for other languages too).

Thanks, Adrian
 
Old 01-17-2009, 06:04 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578Reputation: 3578
Welcome to LQ. Hope you like it here.

Quote:
Originally Posted by spiriad View Post
the tricky part is,how do I avoid the "bad intentions" that may result from running those compiled sources. (..).Generaly speaking, how do I prevent those programms do things
(There's three public code submission servers I know of, one of them by the University of St. Petersburg IIRC, so maybe you could ask any of those teams how they set up their servers and post back any nfo).

IMHO the best way to run this would be a separate dedicated server restoring the system on reboot and logging to a separate syslog server. If that's prohibitive in terms of available hardware then in terms of any resource access, fork bombs you're looking for access controls (GRSecurity, SE Linux) and because of the impact on the host you better isolate that whole process in some virtual machine (VMware, QEmu, Virtualbox). Since virtualization uses host memory there is always an, albeit minute, chance memory corruption still occurs but at least you know they'll have to know what you're running (don't display nor advertise), find flaws for it and code it well. Logging as much as possible and catching errors early is crucial and it also is a good idea to run lint checkers and flawfinders (and maybe your own filters based on your knowledge of secure coding standards) on submitted code to reject code with glaring errors or obvious obfuscation without even compiling.

Last edited by unSpawn; 01-17-2009 at 06:06 AM. Reason: Add URI
 
Old 01-18-2009, 12:20 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.10, Centos 7.5
Posts: 17,649

Rep: Reputation: 2483Reputation: 2483Reputation: 2483Reputation: 2483Reputation: 2483Reputation: 2483Reputation: 2483Reputation: 2483Reputation: 2483Reputation: 2483Reputation: 2483
Good advice. I'd also add for 'restoring on reboot', why not use a Live CD to run the system and just put this input code on the HDD. Then you can easily rm -rf the HDD as needed.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The bug reporting culture: 10 things to avoid, 10 things you can do LXer Syndicated Linux News 0 01-21-2008 02:10 AM
Suse: confused on many things, why is installing things so hard? blackflare Linux - Newbie 11 10-16-2007 04:35 AM
to remove unwanted things from linux kernel mathimca05 Linux - Newbie 1 10-15-2007 05:18 AM
LXer: Things found on the way to other things. LXer Syndicated Linux News 0 01-06-2007 08:03 PM
Samba adding unwanted permissions digi691 Linux - Networking 0 05-20-2006 01:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 09:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration