Date: Wed, 13 Jun 2001 09:24:02 +0300
From: Alex Popa
To: security@freebsd.org
Subject: Compiling untrusted source -- what are the risks?
Message-ID: <20010613092402.A8413@ldc.ro>

What would be the risks of setting up a server that will evaluate some programs, something like USACO or ACM competitions? The user submits the source, and the machine should compile it, run it against a number of test cases, and then produce a result - program accepted, wrong answer, compile error or run-time error.

The step I am worried about is the compiling, since I do need to have the include files and libraries available. The output should be a statically linked file, which would run in a jail (separate one per source file) which contains nothing more than the compiled binary, and the input file. The evaluation program will run in a separate jail, given only the output file from the program, and maybe an "expected results" file.

I plan on using ipfw to block all traffic on that machine (will be a dedicated machine) not coming from a few trusted uids (like root and the evaluation process). I also plan on setting up resource limits, and not running more evaluation jobs at the same time (ruins timing).

Do you think this is feasible using FreeBSD, or is there something I have missed, something that would get my machine rooted and "dd if=/dev/zero of=/dev/ad0"ed?

Thanks a lot

Alex
------------+------------------------------------------
Alex Popa,  | "Artificial Intelligence is
razor@ldc.ro|  no match for Natural Stupidity"
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."
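
The resource-limit step of the plan above, as an added example that is not part of the original message: the compile stage and the test run both execute under rlimits set in the child, and the outcome is mapped to the verdicts the mail lists. The limit values, the function names and the extra "limit exceeded" verdict are assumptions; the jail and ipfw setup are outside its scope.

```python
import resource
import signal
import subprocess
import sys

# Assumed values for illustration; the mail gives no numbers.
LIMITS = {
    resource.RLIMIT_CPU: 1,          # CPU seconds per stage
    resource.RLIMIT_FSIZE: 1 << 20,  # largest file a stage may write, in bytes
    resource.RLIMIT_CORE: 0,         # no core dumps
}
# Signals that mean the kernel or the wall-clock timeout stopped the child.
KILLED_BY_LIMIT = {signal.SIGXCPU, signal.SIGXFSZ, signal.SIGKILL}


def _apply_limits():
    """Runs in the child between fork and exec; never raises a hard limit."""
    for res, want in LIMITS.items():
        hard = resource.getrlimit(res)[1]
        cap = want if hard == resource.RLIM_INFINITY else min(want, hard)
        resource.setrlimit(res, (cap, cap))


def run_limited(argv, stdin_data=b"", wall_timeout=10):
    """Run argv under LIMITS; return (status, stdout), status in ok/failed/limit."""
    try:
        p = subprocess.run(argv, input=stdin_data, stdout=subprocess.PIPE,
                           stderr=subprocess.DEVNULL, timeout=wall_timeout,
                           preexec_fn=_apply_limits)
    except subprocess.TimeoutExpired:
        return "limit", b""
    if p.returncode < 0 and -p.returncode in KILLED_BY_LIMIT:
        return "limit", p.stdout
    return ("ok" if p.returncode == 0 else "failed"), p.stdout


def judge(compile_argv, run_argv, test_input, expected):
    """Compile, then run one test case; both stages are treated as untrusted."""
    status, _ = run_limited(compile_argv)
    if status != "ok":
        return "compile error" if status == "failed" else "limit exceeded"
    status, out = run_limited(run_argv, test_input)
    if status != "ok":
        return "run-time error" if status == "failed" else "limit exceeded"
    return "program accepted" if out.strip() == expected.strip() else "wrong answer"
```
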