I'm trying to write a simple judge that will compile and execute user submitted c files. I found libsandbox and a question here on *.
我正在编写一个简单的判断,它将编译并执行用户提交的c文件。我在*上找到了libsandbox和一个问题。
I have installed the python module and as per the instructions I'm trying to run a hello world program written in C
我已经安装了python模块,按照我正在尝试运行用C编写的hello world程序的说明
➜ sandbox git:(V_0_3_x) ✗ ./hello
Hello World%
➜ sandbox git:(V_0_3_x) ✗ python sample2.py hello
result: RF
cpu: 2ms
mem: 288kB
As you can see, when I run the program in the sandbox I don't get any output. It'd be great if someone could tell me how to correctly use it.
如您所见,当我在沙箱中运行程序时,我没有得到任何输出。如果有人能告诉我如何正确地使用它就太好了。
2 个解决方案
#1
2
The sample code of libsandbox forbids system calls for file operations, such as open(), stat(), close(). That said, you'll need to either (1) link the hello world program statically to avoid opening files such as shared libraries (i.e. libc.so), or (2) write a customized sandbox policy that permits relevant system calls. Some examples on customizing sandbox policies can be found at https://github.com/liuyu81/TR-OJA-201209A.
libsandbox的示例代码禁止系统调用文件操作,如open()、stat()、close()。也就是说,您需要(1)静态地链接hello world程序,以避免打开共享库(例如libc.so)之类的文件,或者(2)编写允许相关系统调用的自定义沙箱策略。关于自定义沙箱策略的一些示例可以在https://github.com/liuyu81/TR-OJA-201209A找到。
DISCLAIMER: I am the author of libsandbox.
免责声明:我是libsandbox的作者。
#2
1
The RF result code was most likely due to unexpected syscalls for file operations (i.e. SYS_open(), SYS_close(), SYS_stat(), ...). It so happens when (1) the target program actually does file operations, and (or) when (2) it was dynamically linked and needs to load .so libraries in runtime. Since your target program does not invoke file operations, it belongs to the latter case.
RF结果代码最有可能是由于文件操作(例如SYS_open()、SYS_close()、SYS_stat()、…)的意外syscalls。当(1)目标程序实际执行文件操作时,(或)当(2)它被动态链接并需要加载时,就会发生这种情况。由于目标程序不调用文件操作,所以它属于后一种情况。
Then, to resolve the RF outcome, either,
然后,为了解决RF结果,
statically link the target program to avoid dependencies on shared libraries; or, extend the policy rules in the wrapper script to handle relevant SYSCALL / SYSRET events;
静态地链接目标程序以避免对共享库的依赖;或者,扩展包装器脚本中的策略规则来处理相关的SYSCALL / SYSRET事件;
For statically linking system calls we use system call codes for ex 0,1,2 3-sys_read 1-sys_exit and so on Go through link for more details link for system call list with code : http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html
对于静态链接系统调用,我们对ex 0、1、2、3-sys_read 1-sys_exit等使用系统调用代码:http://docs.cs.up.ac.ac.za/programming/asm/derick_tut/syscalls.html,通过链接获得更多的系统调用列表细节链接
I change this:
我改变这个:
x86_64=set([0,1,5,8,9,10,11,12,16,21,25,63,89,158,219,231])
for this:
:
x86_64=set([0,1,2,3,4,5,8,9,10,11,12,16,21,25,63,89,158,219,231,])
in sample2.py, and It works.
sample2。py和它的工作原理。
Modified sample2.py is available in my github repository link : https://github.com/palashmaran/libsandbox.git
sample2修改。py在我的github储存库链接中可用:https://github.com/palashmaran/libsandbox.git。
#1
2
The sample code of libsandbox forbids system calls for file operations, such as open(), stat(), close(). That said, you'll need to either (1) link the hello world program statically to avoid opening files such as shared libraries (i.e. libc.so), or (2) write a customized sandbox policy that permits relevant system calls. Some examples on customizing sandbox policies can be found at https://github.com/liuyu81/TR-OJA-201209A.
libsandbox的示例代码禁止系统调用文件操作,如open()、stat()、close()。也就是说,您需要(1)静态地链接hello world程序,以避免打开共享库(例如libc.so)之类的文件,或者(2)编写允许相关系统调用的自定义沙箱策略。关于自定义沙箱策略的一些示例可以在https://github.com/liuyu81/TR-OJA-201209A找到。
DISCLAIMER: I am the author of libsandbox.
免责声明:我是libsandbox的作者。
#2
1
The RF result code was most likely due to unexpected syscalls for file operations (i.e. SYS_open(), SYS_close(), SYS_stat(), ...). It so happens when (1) the target program actually does file operations, and (or) when (2) it was dynamically linked and needs to load .so libraries in runtime. Since your target program does not invoke file operations, it belongs to the latter case.
RF结果代码最有可能是由于文件操作(例如SYS_open()、SYS_close()、SYS_stat()、…)的意外syscalls。当(1)目标程序实际执行文件操作时,(或)当(2)它被动态链接并需要加载时,就会发生这种情况。由于目标程序不调用文件操作,所以它属于后一种情况。
Then, to resolve the RF outcome, either,
然后,为了解决RF结果,
statically link the target program to avoid dependencies on shared libraries; or, extend the policy rules in the wrapper script to handle relevant SYSCALL / SYSRET events;
静态地链接目标程序以避免对共享库的依赖;或者,扩展包装器脚本中的策略规则来处理相关的SYSCALL / SYSRET事件;
For statically linking system calls we use system call codes for ex 0,1,2 3-sys_read 1-sys_exit and so on Go through link for more details link for system call list with code : http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html
对于静态链接系统调用,我们对ex 0、1、2、3-sys_read 1-sys_exit等使用系统调用代码:http://docs.cs.up.ac.ac.za/programming/asm/derick_tut/syscalls.html,通过链接获得更多的系统调用列表细节链接
I change this:
我改变这个:
x86_64=set([0,1,5,8,9,10,11,12,16,21,25,63,89,158,219,231])
for this:
:
x86_64=set([0,1,2,3,4,5,8,9,10,11,12,16,21,25,63,89,158,219,231,])
in sample2.py, and It works.
sample2。py和它的工作原理。
Modified sample2.py is available in my github repository link : https://github.com/palashmaran/libsandbox.git
sample2修改。py在我的github储存库链接中可用:https://github.com/palashmaran/libsandbox.git。