[plug] UML (was Cooking (was Fun with Microwaves (was Fish Worms (was apt-get vs RPM, Debian vs Suse, 2.4 vs 2.6 (was Bankwest on Debian Testing/Unstable)))))

Bernard Blackham bernard at blackham.com.au
Sun Nov 9 19:27:11 WST 2003


> UML is nice when you get your head around it.

Speaking of UML, I'm soon going to undertake the task of creating a
bulletproof environment for running untrusted code, as part of an
online code judging system. Submitted code *should* do nothing more
than read in an input file, do some processing in a time limit, and
then write to an output file. Currently my plan is to use grsecurity
and systrace in the kernel.

Systrace will let me control which syscalls they can do (deny
unlink, socket, etc), and also report when a program tries to
violate the policy. Grsecurity will put the judging uid into its
own little process space so it can't get any information about the
machine it's running on, and make the chroot that it lives in less
breakable.

I haven't thought hard about using UML yet, but it seems like a good
idea. Ideally, the judging system would run in a UML (with grsec &
systrace in that kernel) so they couldn't touch the real machine
even if they did manage to do something nasty to the UML.

Originally I had written a program that would just ptrace the code,
and make sure it didn't make syscalls that weren't permitted - which
worked great until we had to support Java. A program compiled with
gcj does all sorts of things like call UNIX sockets, setrlimit(),
etc, etc, at which point I found systrace could save me :)

I'm just asking for suggestions from anybody who might've done
something like this before or has any ideas about how it might
possibly be broken. :)

TIA,

Bernard.

-- 
 Bernard Blackham 
 bernard at blackham dot com dot au
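
As an added illustration (not part of the original post), the sketch below applies the kind of allow/deny syscall policy described in the message to a strace-style log after the fact, showing how calls such as socket() and setrlimit() fall outside a strict "read input, write output" policy. The trace, the file names and the permitted-syscall set are constructed assumptions. It does not use systrace policy syntax, and it audits a log rather than enforcing anything.

```python
import re

# Constructed strace-style log for a hypothetical submission (not from the post).
SAMPLE_TRACE = r'''
execve("./solution", ["./solution"], 0x7ffc0 /* 3 vars */) = 0
brk(NULL) = 0x55d000
openat(AT_FDCWD, "input.txt", O_RDONLY) = 3
read(3, "5\n1 2 3 4 5\n", 4096) = 12
openat(AT_FDCWD, "output.txt", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 4
write(4, "15\n", 3) = 3
setrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=8192*1024}) = 0
socket(AF_UNIX, SOCK_STREAM, 0) = 5
openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 6
unlink("output.txt") = 0
exit_group(0) = ?
'''

# Assumed policy: syscalls allowed unconditionally, and per-file open flags.
ALWAYS = {"execve", "brk", "read", "write", "close", "exit_group"}
FILES = {"input.txt": {"O_RDONLY"}, "output.txt": {"O_WRONLY", "O_CREAT", "O_TRUNC"}}

CALL = re.compile(r'^(\w+)\((.*)\)\s+=\s')
OPEN = re.compile(r'"([^"]*)",\s*([A-Z_|]+)')  # path, then flag list

def check(line):
    """Return None if the call is within policy, else the reason it is not."""
    m = CALL.match(line)
    if not m:
        return "unparsed line"            # fail closed on anything unexpected
    name, args = m.groups()
    if name in ALWAYS:
        return None
    if name in ("open", "openat"):
        o = OPEN.search(args)
        if not o or o.group(1) not in FILES:   # exact names only, no ./ or ../
            return "open of a path outside the policy"
        if not set(o.group(2).split("|")) <= FILES[o.group(1)]:
            return "open flags not allowed for " + o.group(1)
        return None
    return "syscall not in policy"

def audit(trace):
    """Return (line number, syscall, reason) for every out-of-policy call."""
    hits = []
    for n, line in enumerate(trace.strip().splitlines(), 1):
        reason = check(line)
        if reason and not line.startswith(("+++", "---")):  # strace status lines
            hits.append((n, line.split("(")[0], reason))
    return hits
```

Calling `audit(SAMPLE_TRACE)` flags the setrlimit, socket, /etc/passwd open and unlink lines and passes the rest.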