5

I am building a web-based interface where people can type in simple C code for solving algorithmic programming questions. I am using Ace editor where people can type in code and when they press the run button, the C code is sent to the server, compiled and the output sent back.

How do I accomplish the second part in a secure way? I mean given a C code file, compile it and execute it. I can't trust the code, so how do I make sure it's not malicious and will not harm my system? Also, how do I impose memory and time limits?

Is there any already existing open source system available which I can modify to suit my needs? I didn't find anything in my search. Or some pointers on how I should proceed next?

edit: Found http://cs.sru.edu/~contest/rocktest/ and am trying to understand their code, but still looking for better options, preferably in PHP

Kijewski
itsfrosty
  • possible duplicate of [Grading Program - Compile/executing c++ code within c++](http://stackoverflow.com/questions/5131085/grading-program-compile-executing-c-code-within-c) – Ben Voigt Mar 21 '11 at 01:40
  • 1
    Is http://ideone.com/ too simplistic? – johnsyweb Mar 21 '11 at 01:42
  • 1
    Check out the [about page](http://codepad.org/about) for [codepad.org](http://codepad.org/). Namely: "The strategy is to run everything under ptrace, with many system calls disallowed or ignored. Compilers and final executables are both executed in a chroot jail, with strict resource limits." – Joey Adams Mar 21 '11 at 01:56
  • php and security do not mix well with each other – J-16 SDiZ Mar 21 '11 at 05:55
  • PHP and security doesn't mix well? Says who? I – Eastern Monk Sep 08 '11 at 00:45

5 Answers

2

Allow me to plug AppArmor, a simple mandatory access control mechanism that can make creating these sorts of sandboxes simple. Here is a profile I have in place to confine my xpdf PDF viewer:

#include <tunables/global>

/usr/bin/xpdf {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/X>
  #include <abstractions/fonts>

  /dev/tty rw,
  owner /dev/pts/* rw,
  /etc/papersize r,
  /etc/xpdf/* r,
  /bin/bash ix,
  /usr/bin/xpdf r,
  /usr/bin/xpdf.bin rmix,
  /usr/share/xpdf/** r,
  /usr/share/icons/** r,
  owner /**.pdf r,
  owner /tmp/* rw,
}

You could learn the basics of confining applications of your choice in half a day or so, and have profiles written for your server in another half day. (That xpdf profile took me about four minutes to write, but I know what I'm doing. We have deployed AppArmor on a leading online retailer's public-facing servers over the course of an afternoon, with similar results with other deployments.)

AppArmor also gives an easy interface for configuring run-time limits, such as how much memory a process is allowed to allocate:

rlimit as <= 100M,  # limit address space to 100 megabytes

AppArmor would be easiest to use on Ubuntu, openSUSE, SLES, PLD, Mandriva, Pardis, or Annvix distributions, as the tools come pre-installed. But the core AppArmor functionality is in stock Linux kernels 2.6.36 and newer, and it is possible to install AppArmor on any Linux distribution.

Other similar tools include SELinux, TOMOYO, or SMACK. I think SMACK would be the next-easiest to deploy, but any of them could prevent malicious code from harming your system.

sarnold
1

You'll have to execute the code in a sandboxed environment. There is a similar question on SO that might help.

You could also run some virtual machines to execute the code, but that's basically an example of sandboxing - just a bit heavy.

NG.
  • Could you go into details about how to create a sandbox outside of the normal chroot/sysjail procedures (which aren't a complete solution)? – Earlz Mar 21 '11 at 01:57
1

I recommend the Ideone API: http://ideone.com/api

johnsyweb
  • Just to add to the answer based on my research till now: Ideone provides a free SOAP API where you can submit code in a lot of languages including C and they return the output or error. They also give memory and time used. – itsfrosty Mar 21 '11 at 12:22
0

Run the code in a sandbox - a virtual machine.

In addition to that I would remove access to any system calls and only allow calls to the standard C libraries. Also, replace any unsafe library calls with your own calls that check the input and delegate safe inputs to the real functions (in particular for malloc you would want to put an upper bound on how much each program can allocate).

If you do the above, just one virtual machine should be enough for everyone's code.

CromTheDestroyer
  • So basically use something like openvz or user-mode linux to confine the user to his own environment. For the second part which is replacing unsafe library calls with my own seems - Any idea of existing solutions? – itsfrosty Mar 21 '11 at 01:49
  • @itsfrosty: Existing solutions for the whole "replace C headers with your own"? No, but it's easily doable if you use a C parsing library (which you can find in the eclipse SDK). – CromTheDestroyer Mar 21 '11 at 13:04
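The resource limits that come up in this thread (the `rlimit` line in the AppArmor answer, and the upper bound on what each program may allocate in the answer above) can be enforced from a small runner with setrlimit, together with the wall-clock and output-size caps a contest judge also needs. The following is an added example, not code from any answer here and not from uevalrun, ideone, codepad or rocktest. It assumes Linux, a gcc on PATH for the compile step, and that it is run as a dedicated unprivileged user; the names `run_limited`, `run_python`, `compile_c` and `RunResult` are mine. It only bounds resources (memory, CPU, wall time, output, process count); restricting what the program may touch (files, network, syscalls) still needs the chroot, AppArmor/SELinux or ptrace/seccomp layer the other answers describe.

```python
"""Added example: run an untrusted program under CPU, address-space, output-size,
process-count and wall-clock limits, then report what it used.  Linux only."""
import os
import resource
import shutil
import signal
import sys
import tempfile
import time
from dataclasses import dataclass


@dataclass
class RunResult:
    exit_code: int        # >= 0: exit status; < 0: minus the signal that killed it
    signal_name: str      # e.g. "SIGXCPU" when the CPU limit fired, "" on normal exit
    timed_out: bool       # wall-clock deadline hit; whole process group was SIGKILLed
    stdout: bytes
    stderr: bytes
    cpu_seconds: float    # user + system CPU time actually consumed
    max_rss_kb: int       # peak resident set size, as reported by wait4()


def run_limited(argv, cpu_seconds=2, wall_seconds=5, mem_bytes=512 * 1024 ** 2,
                out_bytes=64 * 1024, nproc=16, workdir=None):
    """Fork, apply rlimits in the child, exec argv, reap it with a wall-clock deadline.
    Hypothetical harness: it bounds resources, it does not confine file/network access."""
    own_dir = workdir is None
    workdir = workdir or tempfile.mkdtemp(prefix="sandbox-")
    out_path, err_path = os.path.join(workdir, "stdout"), os.path.join(workdir, "stderr")
    pid = os.fork()
    if pid == 0:                                   # child: set limits, then exec
        try:
            os.setsid()                            # own session, so killpg() also reaches grandchildren
            os.chdir(workdir)
            with open(os.devnull, "rb") as nul, open(out_path, "wb") as out, open(err_path, "wb") as err:
                os.dup2(nul.fileno(), 0)           # no interactive stdin
                os.dup2(out.fileno(), 1)           # stdout/stderr go to files, capped by RLIMIT_FSIZE
                os.dup2(err.fileno(), 2)
            # soft CPU limit delivers SIGXCPU; the hard limit one second later delivers SIGKILL
            resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
            resource.setrlimit(resource.RLIMIT_FSIZE, (out_bytes, out_bytes))   # bounds output files
            resource.setrlimit(resource.RLIMIT_CORE, (0, 0))                    # no core dumps
            resource.setrlimit(resource.RLIMIT_NPROC, (nproc, nproc))           # per real uid: use a dedicated uid
            resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))      # last, so our own setup isn't starved
            os.execve(argv[0], argv, {"PATH": "/usr/bin:/bin"})               # minimal environment, no inherited secrets
        except BaseException as exc:               # report setup failure to the captured stderr, then die
            os.write(2, f"sandbox setup failed: {exc!r}\n".encode())
        finally:
            os._exit(127)
    deadline = time.monotonic() + wall_seconds     # parent: poll with WNOHANG so we can enforce wall time
    timed_out = False
    while True:
        wpid, status, ru = os.wait4(pid, os.WNOHANG)
        if wpid == pid:
            break
        if time.monotonic() >= deadline:
            timed_out = True
            try:
                os.killpg(pid, signal.SIGKILL)     # session id == child pid after setsid()
            except ProcessLookupError:
                pass
            _, status, ru = os.wait4(pid, 0)
            break
        time.sleep(0.01)
    if os.WIFSIGNALED(status):
        code, name = -os.WTERMSIG(status), signal.Signals(os.WTERMSIG(status)).name
    else:
        code, name = os.WEXITSTATUS(status), ""
    with open(out_path, "rb") as f:
        stdout = f.read()
    with open(err_path, "rb") as f:
        stderr = f.read()
    if own_dir:
        shutil.rmtree(workdir, ignore_errors=True)
    return RunResult(code, name, timed_out, stdout, stderr, ru.ru_utime + ru.ru_stime, ru.ru_maxrss)


def run_python(code, **limits):
    """Convenience wrapper: run a Python one-liner as the untrusted program (handy for self-tests)."""
    return run_limited([sys.executable, "-c", code], **limits)


def compile_c(source, workdir):
    """Compile a submission with the same harness: the compiler is fed untrusted input too.
    Returns (path_to_executable_or_None, RunResult of the compile step)."""
    cc = shutil.which("gcc") or shutil.which("cc")
    src, exe = os.path.join(workdir, "main.c"), os.path.join(workdir, "main")
    with open(src, "w") as f:
        f.write(source)
    r = run_limited([cc, "-std=c99", "-O2", "-o", exe, src], cpu_seconds=10, wall_seconds=30,
                    mem_bytes=1024 ** 3, out_bytes=256 * 1024, nproc=64, workdir=workdir)
    return (exe if r.exit_code == 0 else None), r


if __name__ == "__main__":
    # Constructed sample submission: prints, then spins forever, so the CPU limit has to stop it.
    SAMPLE = '#include <stdio.h>\nint main(void){puts("hello");fflush(stdout);for(;;){}}\n'
    with tempfile.TemporaryDirectory(prefix="submission-") as d:
        exe, cr = compile_c(SAMPLE, d)
        if exe is None:
            print("compile failed:", cr.stderr.decode(errors="replace"))
        else:
            r = run_limited([exe], cpu_seconds=1, wall_seconds=5, workdir=d)
            print(r.stdout, r.signal_name, f"cpu={r.cpu_seconds:.2f}s", f"rss={r.max_rss_kb}kB")
```

Two design points worth noting: RLIMIT_AS is applied as the very last step before execve, because it also applies to the forked harness process itself, and a new session is created so that a wall-clock kill reaches any children the submission spawned, which a plain kill of the direct child would miss. RLIMIT_NPROC counts processes per real uid, not per process tree, so it only means something when submissions run as a uid reserved for them.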
0

I will be using uevalrun:

"The primary use case for uevalrun is evaluation of solution programs submitted by contestants of programming contests: uevalrun compiles the solution, runs it with the test input, compares its output against the expected output, and writes a status report."