How to run a program under Windows with limited memory/CPU time?

Time: 2022-08-31 20:47:07

It started with this question, followed up with this question and now led to the present one. :)

The task is as follows: make a Windows program that will run another program in a limited environment. The other program cannot be trusted, so it has to be ready for hackish code. More specifically:

  • Limit the available memory to some X MB (given as a parameter);

  • Limit the available execution time to some X milliseconds (given as a parameter). Note, that this is the Kernel Time + User Time, but not Idle time. On the other hand, Idle time also has to be limited so that the program cannot Sleep() infinitely.

  • Upon program's termination report the CPU time it actually spent, as precisely as possible. Milliseconds would be good, centiseconds acceptable, less than that would not be nice. CPU cycles would be ideal.

  • If the program crashes, report some information about the crash (the more the better, but don't go overboard with stack traces and the like).

  • Preferably capture all the output of the program and report that too;

  • The program is supposed to be using just the current directory, plus maybe some mandatory .DLLs from SYSTEM32 (like kernel.dll, user32.dll, etc.). Limit access to anything else as much as possible. Accessing things like registry and network should not be needed (unless the mandatory .DLL's require it). The less access, the better.

This will be needed for a computing olympiad support software. This program will run the participants submissions on the central server, so you can expect pretty much anything there. Crashes will be routine, and some hacking attempts can be expected too.

So - how would you go about making such a program? What would you use? In the previous topics (see above) it has become clear that attaching as a debugger is a bad idea, although perhaps I'm simply too clumsy.

3 solutions

#1


You are pretty much building the same process model as IIS - fun! I would use the same tools that IIS uses; it's relatively robust against hacking and it's designed to partition your system up into many concurrent jobs.

You can use Win32 Jobs to set quotas for memory, cpu, threads and you can set up a security context for different processes to run in, thus limiting access to the file system.

For monitoring, I would look at WMI.

For stack trace when hanging or crashing, I have used ADPlus again from Microsoft.

For capturing console output, check out Creating a Child Process with Redirected Input Output.

Regarding security restrictions, create a low privilege user account and run the job / process as that user.

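What the job-object approach from this answer looks like in practice, as an added example that is not part of the original answer or of any project it names. It is a small Python runner using ctypes against kernel32 (the answer names no language; Python is an assumption, as are the helper names build_limits, filetime_to_ms, describe_exit and run_sandboxed). It creates a job with a per-process memory limit, a user CPU-time limit and a process-count limit, sets kill-on-close so nothing the submission spawns outlives the judge, adds a wall-clock cap for Sleep() loops, captures stdout/stderr through a pipe, and reads the job's accounting block for user/kernel time and peak memory afterwards. Exit codes with NTSTATUS error severity (0xC0000005 and friends) are reported as crashes.

```python
"""Sandbox runner for untrusted submissions built on a Win32 job object.

Added example, not code from the answer above. Assumes Windows and CPython 3;
the pure helpers (build_limits, filetime_to_ms, describe_exit) run anywhere,
run_sandboxed needs kernel32.
"""
import ctypes
import subprocess
import sys

# JOBOBJECT_BASIC_LIMIT_INFORMATION.LimitFlags values from winnt.h
JOB_OBJECT_LIMIT_PROCESS_TIME = 0x0002                # per-process user-mode CPU time
JOB_OBJECT_LIMIT_ACTIVE_PROCESS = 0x0008              # cap on processes in the job
JOB_OBJECT_LIMIT_PROCESS_MEMORY = 0x0100              # per-process committed memory
JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION = 0x0400  # no crash dialog, just exit
JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE = 0x2000           # children die with the judge
JobObjectBasicAccountingInformation, JobObjectExtendedLimitInformation = 1, 9
PROCESS_SET_QUOTA, PROCESS_TERMINATE = 0x0100, 0x0001  # rights AssignProcessToJobObject needs
LL, DW, SZ = ctypes.c_longlong, ctypes.c_ulong, ctypes.c_size_t


class IO_COUNTERS(ctypes.Structure):
    _fields_ = [(f"Counter{i}", ctypes.c_ulonglong) for i in range(6)]  # six 64-bit counters

class JOBOBJECT_BASIC_LIMIT_INFORMATION(ctypes.Structure):
    _fields_ = [("PerProcessUserTimeLimit", LL), ("PerJobUserTimeLimit", LL),
                ("LimitFlags", DW), ("MinimumWorkingSetSize", SZ),
                ("MaximumWorkingSetSize", SZ), ("ActiveProcessLimit", DW),
                ("Affinity", SZ), ("PriorityClass", DW), ("SchedulingClass", DW)]

class JOBOBJECT_EXTENDED_LIMIT_INFORMATION(ctypes.Structure):
    _fields_ = [("BasicLimitInformation", JOBOBJECT_BASIC_LIMIT_INFORMATION),
                ("IoInfo", IO_COUNTERS), ("ProcessMemoryLimit", SZ), ("JobMemoryLimit", SZ),
                ("PeakProcessMemoryUsed", SZ), ("PeakJobMemoryUsed", SZ)]

class JOBOBJECT_BASIC_ACCOUNTING_INFORMATION(ctypes.Structure):
    _fields_ = [("TotalUserTime", LL), ("TotalKernelTime", LL),
                ("ThisPeriodTotalUserTime", LL), ("ThisPeriodTotalKernelTime", LL),
                ("TotalPageFaultCount", DW), ("TotalProcesses", DW),
                ("ActiveProcesses", DW), ("TotalTerminatedProcesses", DW)]

# NTSTATUS exception codes a crashed submission commonly exits with
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
                  0xC00000FD: "STATUS_STACK_OVERFLOW", 0xC0000409: "STATUS_STACK_BUFFER_OVERRUN"}


def build_limits(memory_mb, cpu_ms, max_processes=1):
    """Fill the extended limit block: committed memory, user CPU time, process count."""
    info = JOBOBJECT_EXTENDED_LIMIT_INFORMATION()
    basic = info.BasicLimitInformation  # a view onto info's own buffer, not a copy
    basic.LimitFlags = (JOB_OBJECT_LIMIT_PROCESS_MEMORY | JOB_OBJECT_LIMIT_PROCESS_TIME
                        | JOB_OBJECT_LIMIT_ACTIVE_PROCESS | JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE
                        | JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION)
    basic.PerProcessUserTimeLimit = cpu_ms * 10_000  # the limit is in 100-ns units
    basic.ActiveProcessLimit = max_processes         # 1 = no helper processes, no fork bombs
    info.ProcessMemoryLimit = memory_mb * 1024 * 1024
    return info

def filetime_to_ms(units_100ns):
    """Job accounting times are 100-ns units; the report wants milliseconds."""
    return units_100ns / 10_000

def describe_exit(code):
    """NTSTATUS values with error severity (top two bits 11) mean the process crashed."""
    code &= 0xFFFFFFFF
    if code >> 30 == 3:
        return f"crashed with exception 0x{code:08X} ({NTSTATUS_NAMES.get(code, 'unknown')})"
    return f"exited normally with code {code}"

def run_sandboxed(cmd, memory_mb, cpu_ms, wall_ms):
    """Run cmd in a fresh job; return verdict, CPU/memory accounting and captured output."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateJobObjectW.restype = k32.OpenProcess.restype = ctypes.c_void_p  # HANDLEs are pointer-sized
    k32.SetInformationJobObject.argtypes = [ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, DW]
    k32.QueryInformationJobObject.argtypes = [ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, DW, ctypes.c_void_p]
    k32.AssignProcessToJobObject.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.TerminateJobObject.argtypes = [ctypes.c_void_p, ctypes.c_uint]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    job = k32.CreateJobObjectW(None, None)
    limits = build_limits(memory_mb, cpu_ms)
    if not job or not k32.SetInformationJobObject(job, JobObjectExtendedLimitInformation,
                                                  ctypes.byref(limits), ctypes.sizeof(limits)):
        raise ctypes.WinError(ctypes.get_last_error())
    # Redirect output, then move the child into the job. (A CREATE_SUSPENDED start plus
    # ResumeThread after assignment would close the short window before the limits apply.)
    proc = subprocess.Popen(cmd, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT)
    ph = k32.OpenProcess(PROCESS_SET_QUOTA | PROCESS_TERMINATE, False, proc.pid)
    if not ph or not k32.AssignProcessToJobObject(job, ph):
        proc.kill()
        raise ctypes.WinError(ctypes.get_last_error())
    try:  # the wall-clock cap catches Sleep() loops that consume no CPU time
        output, _ = proc.communicate(timeout=wall_ms / 1000)
        verdict = describe_exit(proc.returncode)
    except subprocess.TimeoutExpired:
        k32.TerminateJobObject(job, 1)  # kills every process in the job, not just the root
        output, _ = proc.communicate()
        verdict = f"wall-clock limit of {wall_ms} ms exceeded"
    acct = JOBOBJECT_BASIC_ACCOUNTING_INFORMATION()
    k32.QueryInformationJobObject(job, JobObjectBasicAccountingInformation,
                                  ctypes.byref(acct), ctypes.sizeof(acct), None)
    k32.QueryInformationJobObject(job, JobObjectExtendedLimitInformation,
                                  ctypes.byref(limits), ctypes.sizeof(limits), None)
    if acct.TotalUserTime >= cpu_ms * 10_000:  # the system terminated it for the time limit
        verdict = f"CPU time limit of {cpu_ms} ms exceeded"
    k32.CloseHandle(ph)
    k32.CloseHandle(job)  # KILL_ON_JOB_CLOSE: nothing the submission spawned survives this
    return {"verdict": verdict, "user_ms": filetime_to_ms(acct.TotalUserTime),
            "kernel_ms": filetime_to_ms(acct.TotalKernelTime),
            "peak_memory_bytes": limits.PeakProcessMemoryUsed,
            "output": output.decode(errors="replace")}

if __name__ == "__main__" and len(sys.argv) > 1:
    # e.g. python sandbox.py submission.exe  -> 64 MB, 1000 ms CPU, 5000 ms wall clock
    print(run_sandboxed(sys.argv[1:], 64, 1000, 5000))
```

Two caveats matter for a judge: JOB_OBJECT_LIMIT_PROCESS_TIME counts user-mode time only, so kernel time is bounded by the wall-clock cap rather than by the job (both figures are still reported from the accounting block); and Popen starts the child before it is assigned to the job, so a native runner should create the process with CREATE_SUSPENDED and resume it only after AssignProcessToJobObject succeeds. Running the job as a low-privilege account, as the answer recommends, is a separate step (a restricted token or CreateProcessWithLogonW) and is not shown here.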
#2


Virtualization solutions solve this problem. Maybe you can base your solution on VMWare (or equivalent) and launch separate virtual machines (one per process). You'll get good isolation, control over memory/cpu usage and reports. There's the overhead of the wrapping OS per process, but depending on your project's requirements it might be acceptable.

#3


  • Limit the available memory to some X MB (given as a parameter); Use VMWare or similar virtual environments

  • Limit the available execution time to some X milliseconds (given as a parameter). Note, that this is the Kernel Time + User Time, but not Idle time. On the other hand, Idle time also has to be limited so that the program cannot Sleep() infinitely.

  • Upon program's termination report the CPU time it actually spent; Build in program's code. (Hook on CPU power

  • If the program crashes, report some information about the crash (the more the better, but don't go overboard with stack traces and the like). Build in program's code. (Exception handling)

  • Preferably capture all the output of the program and report that too; Build in program's code (Logfile).

  • The program is supposed to be using just the current directory, plus maybe some mandatory .DLLs from SYSTEM32 (like kernel.dll,user32.dll, etc.). Limit access to anything else as much as possible. Accessing things like registry and network should not be needed (unless the mandatory .DLL's require it). The less access, the better. Build in program's code. (If your program won't use register it won't use it.