I am making a C++ testing server and want to do that compiled programs would:
- not have access to read or write files.
- not have access to open or connect through sockets.
- not be able to work with ANY non-standard C++ (e.g. system) libraries
- have full access to CPU (no or very little performance loses).
- have limited RAM memory.
- have limited running time.
I hope I have not forgotten anything but what I want to do is to make a normal testing system without possibility to be hacked through the compiled program.
Any tips, links, whatever? Any compiler options?
Here is what current system is going to be:
OS: Ubuntu
Compiler: GCC
Edited:
Do you know whether it's possible to disable ALL system librariesin the compiler? That would help a lot :)
Edited (again):
Here is what I came up with: I make a program that forks it self and the the parent process tracks the testee for timelimits (while you still can use some system command for that as well) and the child process limits it self (resources, seccomp) and runs the untrusted software.