views: 212

answers: 4

Hello!

I have a project to create a program, which prevents the user from escaping a GUI program. The program is designed for students to take exams in. The program contains a web browser page.

I have looked around and asked in different places how I should do this, and I have been recommended Qt. I am now having second thoughts about it...

I am using Ubuntu 9.04, 64-bit.

What do you think is the best solution for jailing users in GUI programs?

+7  A: 

First of all, see this answer.

The best way to prevent users from using anything else is to use full-screen mode and not to start a window manager at all. So just start X and then your app and nothing else.

[EDIT] Some things you must take care of:

  • Disable the switching to the text console (usually Ctrl-Alt-F1..F10)
  • Killing the X server (Ctrl-Alt-Backspace)
  • Magic Keys (Alt-SysRq-...)

As you see, this can become arbitrarily complex. Therefore, I suggest closing some of the holes and letting the hackers waste their time on the other ones. If they want to spend their time hacking the computer instead of on the test, that's OK.

Aaron Digulla
Good start; however, this takes a lot more effort than you can anticipate. I could do Ctrl-F1, log in at the console and start a second X server. And so on.
Niels Basjes
Yes. But you're on the clock. So if you want to spend half an hour to hack the computer, you're going to fail.
Aaron Digulla
+2  A: 

The first thing you'll want to do is disable the Ctrl-Alt-Backspace key combination in order to keep pesky users from shutting off your X server.

When it comes to what to write it in, I think your friend's idea of Qt is a good one; you can probably write the whole program in something on the order of 50 lines. If all you care about is "Home", "Back", and "Forward" buttons, you can make a simple toolbar, and use the QWebView widget to do your actual web viewing. This would prevent the user from going anywhere since they wouldn't have an address bar, and they would still be able to take their test.

If you want to use an engine other than WebKit, you will probably end up with a lot more work, and WebKit should work on most websites anyway.

Jason E
+1 for disabling CA-BS
Aaron Digulla
I wouldn't just disable it, I would add a scary message.
patros
I agree with patros. If you log all of the test-takers' "hacking" attempts with the test results, and give them a message to that effect, it will dissuade them from trying because if they fail to hack the machine and adequately cover their tracks, there will be evidence that they cheated.
rmeador
In addition to disabling all keys except the minimum required for the GUI program, and if the GUI program handled student authentication, I would make the GUI program the login program for a passwordless chrooted test takers account.
David Harris
A: 

I think the best solution is proctors and either video recording or system logging for unacceptable usage (e.g., process list snapshots).

What's your plan to stop people from bringing in materials? Or consult their iPhone during the exam? Or asking their neighbors? You don't need technology to solve a policy problem.

Jim Zajkowski
If you can solve part of your policy problem with technology, then you can make better use of your time enforcing the rest of the policy problem.
Rob Kennedy
+3  A: 

What are you trying to prevent?

My guess is that the main thing is a restriction to ensure they don't Google the answers.

As a completely different alternative approach: Cripple the network stack to the point it can (just about) only reach the required server(s).

This can be done with a few (relatively effective) and simple settings:

  • No default gateway, only a gateway for the subnet where the exam server is located.
  • No DNS servers at all, only a fixed hosts file (or an exam DNS server that only contains the exam servers).

These settings can even be attained by tuning the DHCP server. This makes it easy to 'cripple/uncripple' an entire training room with a setting and a reboot of all the systems.

Niels Basjes
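
A way to verify the network lockdown from the answer above on each exam workstation, as an added example that is not part of the original thread. The function name `check_lockdown`, the addresses (RFC 5737 documentation ranges) and the host name `exam.example.test` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit route table, resolver config and hosts file text
# against the lockdown described above. All sample data is constructed.

# check_lockdown ROUTES RESOLV HOSTS EXAM_HOST [ALLOWED_DNS]
# Prints space-separated findings; returns 0 only when there are none.
check_lockdown() {
    routes=$1 resolv=$2 hosts=$3 exam_host=$4 allowed_dns=${5:-}
    findings=""
    # `ip route` shows a default gateway as "default via ..." (or 0.0.0.0/0).
    if printf '%s\n' "$routes" | grep -Eq '^(default|0\.0\.0\.0/0)([[:space:]]|$)'; then
        findings="$findings default-route"
    fi
    # Any active nameserver other than the optional exam-only resolver.
    if printf '%s\n' "$resolv" |
        awk -v allow="$allowed_dns" \
            '$1 == "nameserver" && $2 != allow { bad = 1 } END { exit !bad }'; then
        findings="$findings dns-configured"
    fi
    # With no resolver at all, the exam server name must be pinned in hosts.
    if [ -z "$allowed_dns" ] && ! printf '%s\n' "$hosts" | sed 's/#.*//' |
        awk -v h="$exam_host" \
            '{ for (i = 2; i <= NF; i++) if ($i == h) found = 1 } END { exit !found }'; then
        findings="$findings exam-host-unpinned"
    fi
    printf '%s\n' "${findings# }"
    [ -z "$findings" ]
}

# Constructed samples: a locked-down room and one still on the normal network.
LOCKED_ROUTES='192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.17
198.51.100.0/24 via 192.0.2.1 dev eth0'
OPEN_ROUTES="default via 192.0.2.1 dev eth0
$LOCKED_ROUTES"
PINNED_HOSTS='127.0.0.1 localhost
198.51.100.10 exam.example.test  # exam server'

if out=$(check_lockdown "$LOCKED_ROUTES" "" "$PINNED_HOSTS" exam.example.test); then
    echo "locked room: OK"
fi
out=$(check_lockdown "$OPEN_ROUTES" "nameserver 192.0.2.53" "$PINNED_HOSTS" exam.example.test) ||
    echo "open room: $out"
```

On a live machine the inputs would come from `ip route`, `/etc/resolv.conf` and `/etc/hosts`; the fifth argument covers the exam-only DNS server variant.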