How does the ACM ICPC Online Judge prevent malicious attacks?

views:

329

answers:

+2 Q:

How does the ACM ICPC Online Judge prevent malicious attacks?

I've spent more than a few hours humbling myself on the ACM ICPC's problem set archive, and I've wondered how the online judge is able to compile and run source code from any user and prevent malicious attacks to their system.

Are the compiled binaries run from some kind of limited sandbox? How would one go about setting up this kind of sandbox? What OS would you use? How would you launch a user's compiled executable?

You could run it in a Linux chroot jail, or link it against a libc that doesn't implement any file I/O.

thirtyseven 2009-06-18 20:20:03

What exactly is a chroot jail?

Andrew Garrison 2009-06-19 14:42:01

It's an environment available in some UNIX systems that lets a program run without having any access to the full filesystem. Processes running inside the jail see a certain subdirectory as their root directory, and cannot access anything outside of it. Specifically, a system call sets the fake root directory and all child processes inherit it.

thirtyseven 2009-11-10 22:24:13

I think they don't run any code. Sometimes there is this error "Restricted function" for example when you try to read or write a file "ofstream" & "ifstream" in c++

Ahmad Farid 2009-08-17 15:22:45

The programs are run in a chrooted jail with a limited run time. Judge computers are distributed across a number of servers to help prevent a single point of failure or DOS attacks.

I am a regional contest admin.

N8s 2010-07-14 15:07:09

could you elaborate on what a chrooted jail is?

Andrew Garrison 2010-07-15 01:50:05

ansaurus

tags:

views:

answers:

How does the ACM ICPC Online Judge prevent malicious attacks?

related questions