1

I want to execute code for an online-judge project.

I couldn't find documentation for the Python wrapper of libsandbox. I've found sample2.py and some test cases, but without explanations.

What are the defaults when creating a sandbox? Is it secure by default?

I want to execute untrusted code and:

  • Limit CPU
  • Limit memory
  • Limit execution time
  • Allow read/write access only to a specific folder and limit the size of this folder
  • Block network IO
  • Block executing other programs

This code combines two examples I found:

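    import sys
    from sandbox import *               # libsandbox Python wrapper: Sandbox, S_RESULT_OK, ...

    args = sys.argv
    cookbook = {
        'args': args[1:],               # targeted program
        'stdin': sys.stdin,             # input to targeted program
        'stdout': sys.stdout,           # output from targeted program
        'stderr': sys.stderr,           # error from targeted program
        'jail': './foo',                # directory the targeted program is confined to
        'owner': 'nobody',              # user the targeted program runs as
        'quota': dict(wallclock=30000,  # 30 sec
                      cpu=2000,         #  2 sec
                      memory=8388608,   #  8 MB
                      disk=1048576)}    #  1 MB
    # create a sandbox instance and execute till end
    s = Sandbox(**cookbook)
    s.run()
    ok = (s.result == S_RESULT_OK)      # True when the run finished with result OK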

What does disk in quota limit? Does it limit the total bytes the script can write in this run or the size of the folder? What does setting owner to nobody do? Will the code in my example block executing arbitrary code, block network IO and block access to files outside of the jailed folder?

Thanks

pablo

1 Answer

4

What are the defaults when creating a sandbox? Is it secure by default?

  • A Sandbox instance is permissive by default. It grants unlimited quota unless you specify quota; it allows all system calls except ones that lead to multi-processing (i.e. fork(), vfork(), clone(), ...) and inter-process communication (i.e. waitid(), ptrace(), ...) unless you filter system call events with a custom policy.
  • The sample code (sample2.py) distributed with libsandbox is a minimal working example of restrictive, white-list sandboxing. Use that as the framework of your watchdog program.

What does disk in quota limit? Does it limit the total bytes the script can write in this run or the size of the folder?

  • disk quota limits the total bytes that the target program can write to all eligible file systems (i.e. ones that support quota limitation and are capable of generating SIGXFSZ signals).
  • If the program writes a regular file on an ext3 or ext4 file system, that usually counts; but writing to the standard output stream or /dev/null does not count against the quota. Nevertheless, you can implement folder-based quota within your custom policy.

What does setting owner to nobody do?

  • Execute the targeted program on behalf of user nobody. The owner argument wraps the OS-level service setuid(). After setuid() to nobody, the targeted program has all the permissions the OS granted to user nobody, and nothing beyond.
  • Please note that you have to be a super user to be able to specify an owner other than yourself.

Will the code in my example block executing arbitrary code, block network IO and block access to files outside of the jailed folder?

  • Not exactly. All system calls made by the program are reported to the Sandbox, but you have to plug in a policy module that explicitly blocks system calls relating to network IO. Or you can filter all system calls against a white list, as done by the sample code sample2.py.
  • Also note that you have to be a super user to be able to specify a jail other than the root directory /.

DISCLAIMER: I am the author of libsandbox.

liuyu
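The contrast the answer draws between the permissive default and a white-list policy, as an added example that is not part of the original answer or of libsandbox: a pure-Python model that calls no libsandbox API and replays constructed syscall traces through both policies. The policy names, the allow-list, the jail path, the lexical path check on open and both traces are assumptions made for illustration.

```python
"""Pure-Python model of the two policies contrasted above (no libsandbox calls)."""
import posixpath

# Calls the answer says a default Sandbox already refuses.
DEFAULT_DENIED = {"fork", "vfork", "clone", "waitid", "ptrace"}
# Constructed allow-list for a compute-only submission (assumption).
ALLOWED = {"read", "write", "brk", "mmap", "fstat", "exit_group"}
JAIL = "/srv/judge/foo"  # constructed jail directory


def inside_jail(path, jail=JAIL):
    """True if path stays under jail once '.' and '..' are collapsed.

    Lexical check only: symlinks are not resolved in this model.
    """
    full = posixpath.normpath(posixpath.join(jail, path))
    return full == jail or full.startswith(jail + "/")


def default_policy(name, arg=None):
    """Permissive default: continue unless the call is on the deny list."""
    return "KILL" if name in DEFAULT_DENIED else "CONT"


def whitelist_policy(name, arg=None):
    """Default-deny: allow listed calls, and open() only inside the jail."""
    if name == "open":
        return "CONT" if inside_jail(arg) else "KILL"
    return "CONT" if name in ALLOWED else "KILL"


def run_trace(trace, policy):
    """Replay (name, arg) events; return (events passed, event that was killed)."""
    passed = []
    for event in trace:
        if policy(*event) == "KILL":
            return passed, event
        passed.append(event)
    return passed, None


# Constructed traces: one escapes the jail with '..', one opens a socket.
ESCAPE = [("brk", None), ("open", "out.txt"), ("open", "../../etc/passwd")]
NETWORK = [("read", None), ("socket", None), ("connect", None)]

if __name__ == "__main__":
    for label, trace in (("escape", ESCAPE), ("network", NETWORK)):
        for policy in (default_policy, whitelist_policy):
            passed, killed = run_trace(trace, policy)
            print(label, policy.__name__, len(passed), killed)
```

Under the modelled default, both traces run to completion; under the white list, each is stopped at the first call that is not explicitly allowed.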