5

I am making a C++ testing server and want compiled programs to:

  • not have access to read or write files.
  • not have access to open or connect through sockets.
  • not be able to work with ANY non-standard C++ (e.g. system) libraries
  • have full access to the CPU (no or very little performance losses).
  • have limited RAM memory.
  • have limited running time.

I hope I have not forgotten anything, but what I want to do is to make a normal testing system without the possibility of being hacked through the compiled program.

Any tips, links, whatever? Any compiler options?

Here is what current system is going to be:

OS: Ubuntu

Compiler: GCC

Edited:

Do you know whether it's possible to disable ALL system libraries in the compiler? That would help a lot :)

Edited (again):

Here is what I came up with: I make a program that forks itself; the parent process tracks the testee for time limits (while you can still use some system command for that as well) and the child process limits itself (resources, seccomp) and runs the untrusted software.

Pijusn

5 Answers

3

You may be interested in seccomp. This is a feature with which Linux runs a process with only a very limited set of available system calls; the kernel kills the process at any attempt to execute any other call. This is, conceptually, the Right Way to do this kind of isolation: use a (small) whitelist of allowed system calls, instead of a blacklist of disallowed calls. Seccomp can be used by Chromium (the open-source side of Google Chrome), so there's a good chance that it will remain supported for the time being.

The Wikipedia page has a few links, including seccomp-nurse, which might be the software you are looking for.

For CPU time and memory consumption, the Linux kernel can enforce hard limits on a per-process basis; see setrlimit.

Thomas Pornin
  • Yeah... I was looking for some kind of sandbox too but couldn't really find the right thing. This one seems to be worth a try. Will definitely try it out in a sec and mark your answer as an answer if it works for me :) – Pijusn Jan 08 '12 at 15:49
  • Do you know whether it's possible to enable seccomp on a process via terminal? Like "seccomp ./untrusted" – Pijusn Jan 08 '12 at 17:13
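Putting the question's fork design together with this answer's seccomp and setrlimit pointers, here is an added example that is not from any poster in this thread: the parent is the wall-clock watchdog, and the child applies rlimits plus a seccomp whitelist before running the contestant code. It assumes seccomp's filter mode (seccomp-bpf, Linux 3.5+) rather than the fixed read/write/exit strict mode this answer refers to; the worker functions, the syscall list and the limit values are constructed for the demo.

```c
// Added example, not from the thread: parent = wall-clock watchdog, child = setrlimit + seccomp-bpf whitelist.
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __aarch64__
#define JUDGE_ARCH AUDIT_ARCH_AARCH64
#else
#define JUDGE_ARCH AUDIT_ARCH_X86_64   /* assumes an x86-64 or arm64 host; add other AUDIT_ARCH_* values here */
#endif
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
static int install_filter(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, JUDGE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),          /* syscall from a foreign ABI: kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(SYS_read), ALLOW(SYS_write), ALLOW(SYS_brk), ALLOW(SYS_exit), ALLOW(SYS_exit_group),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),          /* open, socket, execve, fork, ...: SIGSYS */
    };
    struct sock_fprog prog = { (unsigned short)(sizeof f / sizeof f[0]), f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;   /* required for unprivileged filters */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Returns the child's exit code, or 128+signal (SIGSYS forbidden syscall, SIGXCPU CPU limit, SIGKILL wall limit). */
static int run_sandboxed(int (*work)(void), unsigned cpu_sec, unsigned wall_sec, rlim_t mem_bytes) {
    int status = 0; pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit cpu = { cpu_sec, cpu_sec + 1 }, as = { mem_bytes, mem_bytes };
        setrlimit(RLIMIT_CPU, &cpu); setrlimit(RLIMIT_AS, &as);   /* soft CPU: SIGXCPU, hard: SIGKILL */
        if (install_filter() != 0) _exit(125);                    /* refuse to run unsandboxed */
        _exit(work() & 0xff);             /* _exit(): exit() would flush stdio via now-forbidden syscalls */
    }
    for (unsigned polls = 0; waitpid(pid, &status, WNOHANG) != pid; polls++) {   /* 10 ms watchdog */
        if (polls >= wall_sec * 100) { kill(pid, SIGKILL); waitpid(pid, &status, 0); break; }
        usleep(10000);
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
}
static int work_ok(void)   { return write(1, "hi\n", 3) == 3 ? 7 : 1; }       /* constructed worker -> 7 */
static int work_file(void) { return access("/etc/hostname", R_OK); }         /* file access -> 128+SIGSYS */
static int work_spin(void) { volatile unsigned long x = 0; for (;;) x++; }   /* 1 s wall limit -> 128+SIGKILL */
```

The filter does not inspect syscall arguments, so a real judge also closes inherited descriptors before the child starts and adds whatever its language runtime needs (mmap for large mallocs, for instance) to the whitelist.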
2

What you are describing sounds a lot like Google's NaCl. Google designed this as a safe way to run native x86 code in the web browser, but they have a sample that runs standalone with no browser. They include a GCC compiler that outputs NaCl-x86 rather than standard x86.

Robert David Graham
1

You should probably run the program inside a virtual machine, probably created using Xen if you don't want to pay for VMWare.

Jeff Burdges
  • Is there any article on how to manage the inside of Xen (create file, compile and execute) from an outside terminal? I still need to keep my server itself outside the VM. – Pijusn Jan 08 '12 at 14:55
  • I've never seen a good one myself, googling "virtualization for security" yielded many results, but most just bullshit. I'd honestly just skim the Xen or VMWare manual, looking for what relevant options they offer, like prohibiting network, drive, etc. access. – Jeff Burdges Jan 08 '12 at 15:57
1

Here is another option I found out about. Terminal command gksu has an option to execute command as another user:

--user <user>, -u <user>

Call as the specified user.

I think this might create some sort of sandbox.

P.S. Made this a new answer as it's one of the possible solutions and is worth being commented on separately.

Pijusn
1

Have you thought of using chroot? https://help.ubuntu.com/community/BasicChroot

It's more freebsd'y but it will work. Seccomp takes care of syscalls; just removing the system libraries won't actually work since people can just add their own syscalls. But chroot is another level of making sure they don't break out and another level of safety. You can dynamically create a chroot'd jail, then compile fairly easily and have each process run inside of it without worry of two people's programs interacting.

user1392