Date: Thu, 16 Oct 2003 18:28:15 -0400
From: David Gilbert <dgilbert@dclg.ca>
To: earthman <earthman@inbox.ru>
Cc: freebsd-hackers@freebsd.org
Subject: On-line judgment kernel module
Message-ID: <16271.7039.150262.159805@canoe.dclg.ca>
In-Reply-To: <1197083983.20031009074645@inbox.ru>
References: <1197083983.20031009074645@inbox.ru>
>>>>> "earthman" == earthman <earthman@inbox.ru> writes:

earthman> I want to create an on-line judge for ACM-like olympiads. So I
earthman> have to execute some code that came in source from
earthman> outside (www). Thus the security problem is my main problem.
earthman> The idea is to deny all syscalls for a specific process
earthman> p. This is possible even without rewriting the kernel, by a kernel
earthman> module.
earthman> Now I'm thinking how to do this. Possibly it would be easy
earthman> to point p->sv_sysent to a structure that points
earthman> sv_prepsyscall to some function that denies some system
earthman> calls (kill the process, make some record in the module about the
earthman> restricted call). But I don't understand how to cancel the
earthman> syscall from within that function. Maybe it's possible to change
earthman> the code parameter to something else.

I don't know how secure this would be from random binary attacks, but I'd
be very tempted to run the tests inside a vmware or bochs instance launched
by a script. If I were making the decisions, I'd lean towards the bochs
emulator ... as it's a complete virtual environment rather than vmware's
magic mojo.

As you conjecture, a syscall-less or syscall-restricted environment
*should* be safe ... if your syscall changes are bulletproof *_and_* the
rest of the runtime environment is bulletproof. Isn't a syscall required
to finish off exit()?

I would expect that bochs is scriptable.

Dave.

--
============================================================================
|David Gilbert, Independent Contractor. | Two things can only be           |
|Mail: dave@daveg.ca                    | equal if and only if they        |
|http://daveg.ca                        | are precisely opposite.          |
=========================================================GLO================
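An added example, not from this thread or from FreeBSD, that shows Dave's last point in working code: it uses a Linux seccomp-bpf allow-list installed with prctl() instead of the sv_sysent hook earthman describes, assumes an x86_64 or aarch64 build, and the names run_sandboxed, install_filter, just_return and tries_to_write are mine. Denying every syscall makes even a clean exit fatal; the child has to be allowed at least exit_group.

```c
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#else   /* assumption: the only other build target here is aarch64 */
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#endif
enum outcome { EXITED_OK = 0, KILLED_BY_SIGSYS = 1, OTHER = 2 };
/* Allow-list filter: allow_exit == 0 denies every syscall (the thread's idea), 1 permits exit_group only. */
static int install_filter(int allow_exit)
{
    struct sock_filter prog[] = {
        /* Kill on a foreign ABI first (e.g. 32-bit syscalls on an x86_64 kernel). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* Then compare the syscall number against the allow-list. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, allow_exit ? 0 : 1, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    };
    struct sock_fprog fprog = { sizeof prog / sizeof prog[0], prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* needed without CAP_SYS_ADMIN */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
/* Fork, confine the child, run fn() inside it, and report how the child ended. */
enum outcome run_sandboxed(void (*fn)(void), int allow_exit)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return OTHER;
    if (pid == 0) {
        if (install_filter(allow_exit) != 0) _exit(2);
        fn();
        _exit(0);  /* exit_group: even a clean exit still needs one syscall */
    }
    if (waitpid(pid, &status, 0) != pid) return OTHER;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return KILLED_BY_SIGSYS;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? EXITED_OK : OTHER;
}
void just_return(void) { }                               /* well-behaved submission */
void tries_to_write(void) { write(1, "hello\n", 6); }   /* any other syscall is fatal */
```

With allow_exit set, just_return exits cleanly and tries_to_write dies with SIGSYS; with allow_exit cleared, even just_return dies at its _exit(), which is exactly why "deny all syscalls" cannot be taken literally.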
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16271.7039.150262.159805>