techt's blog

By techt, 9 years ago, In English

Problem : 439B — 29

This seems to be a new discovery for me o_o

My submissions :

long vs Long

Primitive vs a Wrapper Class... How can changing from long to Long suddenly impact the performance? why am I getting TLE with long but not Long ??

Full text and comments »

  • Vote: I like it
  • +3
  • Vote: I do not like it

By techt, 10 years ago, In English

Greetings

First I would like to say thanks to those answered my previous blog, their answers were very helpful.

Now.. in short I'm making an online judge as a graduation project and so far I have finished almost everything except for one last hurdle which is handling TLE and MLE. My priority right now is TLE.

Sandbox Server Details:
- Ubuntu 12.04 LT 64-bit
- Using XAMPP
- Using AppArmor

So , what I'm doing right now is basically get the source code from a post request and then I proceed to compile and run it using exec and shell_exec commands respectively, everything is working fine so far however I can't figure out how to implement TLE handling mechanism.

Right now I'm testing out some methods to accomplish TLE and to do so I'm running a C program to print out numbers from 1 to 250,000 so.. things I have tried :

1- Using timeout command http://manpages.ubuntu.com/manpages/precise/man1/timeout.1.html It works and kills the process after 1 second when I run it on the terminal just fine and the last number it outputs is about 32k however when I use it within shell_exec() it gives me complete output without killing the process.

2- Using some sleep command associated with a kill $! process , same result as above.
3- Changing daemon user to my current user (as I thought it could be a permission issue), same result as above.
4- Disabling AppArmor and restarting , same result as above.

I also googled a lot, I even skipped meals for it believing "I WILL FIND IT AT THIS VERY NEXT MOMENT!" but I can't seem to figure it out....I really don't want users to nuke infinite loops on the server so......help x_X

Full text and comments »

  • Vote: I like it
  • 0
  • Vote: I do not like it

By techt, 10 years ago, In English

Greetings

I'm a B-Tech Software Engineering Student and I'm on my last semester, I have a course project where I have to develop a simple "Online Judge" website, I decided to hard code it from scratch using php, here's an under development snapshot of the website front page:

I have about a month or more to finish the work, I can build the website and handle everything else related to the website except for one last hurdle, which is malicious code treatment.

This online judge will only accept submissions in C/C++/Java , however I need to make sure the code is safe to run. So far I have been playing around Java's Security Manager and I have learned about policy files and granting permissions as well passing arguments to use that file to restrict permissions.

I have tested and I can confirm it is working and restricting the user from creating a Socket and also executing a command via Runtime, I can also restrict file access permissions, some examples:

Socket s = new Socket("localhost",7777);
or
Runtime.getRuntime().exec("shutdown -s -t 0");

However I'm yet to completely understand how to modify the policy file, for instance I don't know how restrict java imports as I do not want the user to do any network related operations and neither execute JFrames or applets, I'm also yet to know how to use Class Loaders and how to measure memory usage and execution time to mark TLE and MLE .

This is just on the Java side, I'm yet to learn about sandboxing techniques for C++ , I can't seem to find good step by step video or tutorial that can easily explain how to go about it.

Some techniques I heard about but not tried would be virtualization, using chroot jail technique, LXC containers on Ubuntu, systrace and a bulk of search results...nothing easily understandable for my poor brain x[

If anybody knows any easy sandboxing solutions that I could understand and use to safely execute malicious code to prevent damage or scenarios such as shutting down a machine or other unwanted actions then I would be grateful for your input.

Thank you for spending time reading this. (^-^)/

Full text and comments »

  • Vote: I like it
  • +11
  • Vote: I do not like it