On-line judgment kernel module

David Gilbert dgilbert at dclg.ca
Thu Oct 16 18:39:30 PDT 2003


>>>>> "earthman" == earthman  <earthman at inbox.ru> writes:

earthman> I want to create an on-line judge for ACM-like olympiads. So I
earthman> have to execute some code that came in as source from
earthman> outside (www).  Thus the security problem is my main problem.

earthman> The idea is to deny all syscalls for a specific process
earthman> p. This is possible even without rewriting the kernel, by a
earthman> kernel module.

earthman> Now I'm thinking about how to do this.  Possibly it would be easy
earthman> to point p->sv_sysent to a structure whose sv_prepsyscall
earthman> points to some function that denies some system calls
earthman> (kills the process, makes some record in the module about the
earthman> restricted call).  But I don't understand how to cancel the
earthman> syscall from within that function. Maybe it's possible to change
earthman> the code parameter to something else.

I don't know how secure this would be from random binary attacks, but
I'd be very tempted to run the tests inside a vmware or bochs instance
launched by a script.  If I was making the decisions, I'd lean towards
the bochs emulator ... as it's a complete virtual environment rather
than vmware's magic mojo.

As you conjecture, a syscall-less or syscall-restricted environment
*should* be safe ... if your syscall changes are bulletproof *_and_*
the rest of the runtime environment is bulletproof.

Isn't a syscall required to finish off exit()?

I would expect that bochs is scriptable.

Dave.

-- 
============================================================================
|David Gilbert, Independent Contractor.       | Two things can only be     |
|Mail:       dave at daveg.ca                    |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================
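The interposition scheme sketched in the quoted message (a per-process syscall-table pointer, a prepsyscall hook that refuses calls and records them, and the question of how to "cancel" a call from inside the hook), together with the exit() caveat raised above, as an added example that is not part of this thread. It is a user-space C model of the dispatch path, not a FreeBSD kernel module: the struct and field names loosely mirror sysentvec/sysent from the mail, the syscall numbering and the handlers are assumed for illustration, and the "denied" table slot that the hook rewrites the code to is the answer it demonstrates for the cancellation question.

```c
/* Added example (not from the thread): a user-space model of per-process
 * syscall interposition. Names mirror the mail's sysentvec/prepsyscall idea
 * loosely; numbering, handlers and the audit format are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Syscall numbers for the model only (not FreeBSD's real numbers). */
enum { SYS_exit = 0, SYS_read = 1, SYS_write = 2, SYS_open = 3, NSYS = 4 };

struct proc;
typedef int (*sy_call_t)(struct proc *p, const int *args);

struct sysent { const char *name; sy_call_t sy_call; };

/* Per-process view of the syscall table: the hook runs before dispatch and
 * may rewrite *code, which is how a call gets "cancelled" here. */
struct sysentvec {
    const struct sysent *sv_table;
    void (*sv_prepsyscall)(struct proc *p, int *code);
    const bool *sv_allow;            /* allowlist indexed by syscall number */
};

struct proc {
    const char *name;
    const struct sysentvec *sv;      /* plays the role of p->sv_sysent */
    bool exited;
    int violations;
    char audit[128];                 /* the "record in the module" of a refused call */
};

static int sys_exit_impl(struct proc *p, const int *a)  { (void)a; p->exited = true; return 0; }
static int sys_read_impl(struct proc *p, const int *a)  { (void)p; return a[0]; }  /* bytes "read" */
static int sys_write_impl(struct proc *p, const int *a) { (void)p; return a[0]; }  /* bytes "written" */
static int sys_open_impl(struct proc *p, const int *a)  { (void)p; (void)a; return 3; } /* pretend fd */
/* Target of a refused call: behaves like a failed syscall, touches nothing. */
static int sys_denied(struct proc *p, const int *a)     { (void)p; (void)a; return -EPERM; }

/* One extra slot past NSYS is the cancellation target. */
static const struct sysent table[NSYS + 1] = {
    [SYS_exit]  = { "exit",   sys_exit_impl  },
    [SYS_read]  = { "read",   sys_read_impl  },
    [SYS_write] = { "write",  sys_write_impl },
    [SYS_open]  = { "open",   sys_open_impl  },
    [NSYS]      = { "denied", sys_denied     },
};

/* The judge's prepsyscall: an allowlist check. Rather than trying to abort
 * from inside the hook, it records the attempt and rewrites the code to the
 * denied slot, so ordinary dispatch does the refusing. Out-of-range codes
 * are treated exactly like unlisted ones. */
static void judge_prepsyscall(struct proc *p, int *code) {
    if (*code >= 0 && *code < NSYS && p->sv->sv_allow[*code])
        return;                                        /* permitted */
    p->violations++;
    snprintf(p->audit, sizeof p->audit, "%s: refused syscall %d (%s)", p->name, *code,
             (*code >= 0 && *code < NSYS) ? table[*code].name : "out of range");
    *code = NSYS;
}

/* exit stays allowed: a submission that cannot exit never finishes. */
static const bool judge_allow[NSYS] = { [SYS_exit] = true, [SYS_read] = true, [SYS_write] = true };

static const struct sysentvec native_sv = { table, NULL, NULL };
static const struct sysentvec judge_sv  = { table, judge_prepsyscall, judge_allow };

void proc_init(struct proc *p, const char *name, bool judged) {
    p->name = name;
    p->sv = judged ? &judge_sv : &native_sv;
    p->exited = false;
    p->violations = 0;
    p->audit[0] = '\0';
}

/* The trap handler's job: run the process's hook, then dispatch by number.
 * Returns the handler's result, or a negative errno. */
int do_syscall(struct proc *p, int code, const int *args) {
    if (p->exited) return -ESRCH;
    if (p->sv->sv_prepsyscall) p->sv->sv_prepsyscall(p, &code);
    if (code < 0 || code > NSYS) return -ENOSYS;     /* native path, bad number */
    return p->sv->sv_table[code].sy_call(p, args);
}

int main(void) {
    struct proc sub;
    int args[1] = { 16 };                            /* constructed argument */
    proc_init(&sub, "submission", true);
    printf("write -> %d\n", do_syscall(&sub, SYS_write, args));
    printf("open  -> %d  [%s]\n", do_syscall(&sub, SYS_open, args), sub.audit);
    printf("exit  -> %d, violations=%d\n", do_syscall(&sub, SYS_exit, args), sub.violations);
    return 0;
}
```

The design point is that a refusal never needs to unwind the trap handler: the hook only swaps the syscall number for a slot whose handler fails cleanly, and the judge reads the violation count and audit record afterwards. Whether the real kernel's prepsyscall hook gives you a writable code in the same way is something to confirm against the kernel source; this model only shows the shape of the mechanism.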